US9210140B2 - Remote functionality selection - Google Patents

Remote functionality selection Download PDF

Info

Publication number
US9210140B2
US9210140B2 US12/858,345 US85834510A US9210140B2 US 9210140 B2 US9210140 B2 US 9210140B2 US 85834510 A US85834510 A US 85834510A US 9210140 B2 US9210140 B2 US 9210140B2
Authority
US
United States
Prior art keywords
network interface
interface device
network
configuration instructions
authentication key
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active, expires
Application number
US12/858,345
Other languages
English (en)
Other versions
US20110202983A1 (en
Inventor
Steven L. Pope
David Riddoch
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Xilinx Inc
Original Assignee
Solarflare Communications Inc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority to US12/858,345 priority Critical patent/US9210140B2/en
Application filed by Solarflare Communications Inc filed Critical Solarflare Communications Inc
Assigned to SOLARFLARE COMMUNICATIONS, INC. reassignment SOLARFLARE COMMUNICATIONS, INC. ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: POPE, STEVEN L., RIDDOCH, DAVID
Assigned to SOLARFLARE COMMUNICATIONS, INC. reassignment SOLARFLARE COMMUNICATIONS, INC. ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: POPE, STEVEN L., RIDDOCH, DAVID
Publication of US20110202983A1 publication Critical patent/US20110202983A1/en
Assigned to COMERICA BANK, AS AGENT, A TEXAS BANKING ASSOCIATION reassignment COMERICA BANK, AS AGENT, A TEXAS BANKING ASSOCIATION SECURITY AGREEMENT Assignors: SOLARFLARE COMMUNICATIONS, INC., A DELAWARE CORPORATION
Assigned to SOLARFLARE COMMUNICATIONS INC. reassignment SOLARFLARE COMMUNICATIONS INC. CHANGE OF ADDRESS OF THE ASSIGNEE Assignors: SOLARFLARE COMMUNICATIONS INC.
Assigned to SOLARFLARE COMMUNICATIONS, INC. reassignment SOLARFLARE COMMUNICATIONS, INC. RELEASE OF SECURITY INTEREST Assignors: COMERICA BANK
Assigned to SOLARFLARE COMMUNICATIONS, INC. reassignment SOLARFLARE COMMUNICATIONS, INC. RELEASE BY SECURED PARTY (SEE DOCUMENT FOR DETAILS). Assignors: COMERICA BANK
Publication of US9210140B2 publication Critical patent/US9210140B2/en
Application granted granted Critical
Assigned to PACIFIC WESTERN BANK reassignment PACIFIC WESTERN BANK SECURITY INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: SOLARFLARE COMMUNICATIONS, INC.
Assigned to ALLY BANK reassignment ALLY BANK SECURITY INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: SOLARFLARE COMMUNICATIONS, INC.
Assigned to SOLARFLARE COMMUNICATIONS, INC. reassignment SOLARFLARE COMMUNICATIONS, INC. RELEASE BY SECURED PARTY (SEE DOCUMENT FOR DETAILS). Assignors: PACIFIC WESTERN BANK
Assigned to SOLARFLARE COMMUNICATIONS, INC. reassignment SOLARFLARE COMMUNICATIONS, INC. RELEASE OF INTELLECTUAL PROPERTY SECURITY AGREEMENT Assignors: ALLY BANK
Assigned to XILINX, INC. reassignment XILINX, INC. ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: SOLARFLARE COMMUNICATIONS, INC.
Active legal-status Critical Current
Adjusted expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/06Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L63/061Network architectures or network communication protocols for network security for supporting key management in a packet data network for key exchange, e.g. in peer-to-peer networks
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/572Secure firmware programming, e.g. of basic input output system [BIOS]
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/08Configuration management of networks or network elements
    • H04L41/0803Configuration setting
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/28Restricting access to network management systems or functions, e.g. using authorisation function to access network configuration
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2149Restricted operating environment
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/12Applying verification of the received information

Definitions

  • This invention relates to network interface devices and methods for securely selecting the function set of an electronic device by means of a novel network interface device.
  • Chip functions may be enabled or disabled in hardware through the use of programmable registers defining the capabilities of the chip, through the use of external components connected to the chip so as to cripple certain functions, or by brute-force, such as removing external pins or destroying certain areas of the chip.
  • chip functions may be enabled or disabled through the use of different versions of firmware operating on or in combination with the chip.
  • firmware With respect to the use of firmware to enable or disable certain functions in hardware, it is well-known for firmware to be updateable by an end user through the use of software and hardware tools, or by replacing the chip carrying the firmware. However, these methods require the interaction of the end user (whose technical skill is unknown and could be very limited) and do not provide a secure channel through which updates to the product functionality can be applied. In some cases, it is also possible for programmable chip registers to be reset but this typically requires specialist hardware which is not available to the end user and requires the product to be returned to the vendor.
  • a network interface device providing a set of functions in hardware and being operable in first and second modes: in a first mode, the network interface device being configured to operate with a selected configuration of the set of functions; and in a second mode, the network interface device being operable to select a particular configuration of the set of functions in accordance with configuration instructions received at the network interface device; the network interface device being configured to, on receiving a network message having one or more predetermined characteristics and comprising an authentication key and one or more configuration instructions defining a particular configuration of the set of functions: verify the authentication key; and
  • the configuration instructions defining the particular configuration of the set of functions may comprise one or more of:
  • the network message comprises one or more data packets received in accordance with a predetermined messaging protocol.
  • the protocol may be the Intelligent Platform Management Interface protocol, or an extension thereof.
  • the network interface device is configured to enter the second mode on receiving the network message.
  • the network interface device can be configured to enter the second mode on successfully verifying the authentication key.
  • the configuration instructions are encrypted and the authentication key is the encrypted configuration instructions.
  • the network interface device can be configured to verify the authentication key by decrypting the encrypted configuration instructions, the authentication key being successfully verified if the encrypted configuration instructions are successfully decrypted.
  • the authentication key is one of a password, a cryptographically-signed certificate, a pseudorandom number or a hash of a set of predetermined data.
  • the network interface device is configured to verify the authentication key in accordance with the Transport Layer Security (TLS) protocol or Internet Protocol Security (IPsec) protocol.
  • TLS Transport Layer Security
  • IPsec Internet Protocol Security
  • the network message is received from a local network entity and the configuration instructions comprised in said network message originate at a remote network entity, the local network entity being a proxy for the remote network entity.
  • a cryptographic pair of keys and the authentication key is generated using a private cryptographic key of the pair.
  • a public cryptographic key of the pair is stored at the network interface device and the network interface device is configured to verify the authentication key using the public key.
  • the network interface device is configured to use the public key to establish an encrypted channel over which the network message is received.
  • the private key is stored at a network entity from which the configuration instructions originate, the said network entity being configured to generate the authentication key and transmit the authentication key and configuration instructions to the network interface device.
  • the network entity may be accessible to the network interface device over the internet.
  • the network interface device includes a Trusted Platform Module and the Trusted Platform Module holds the public key.
  • the endorsement key of the Trusted Platform Module may be used to establish the encrypted channel.
  • the encrypted channel is established in accordance with the Transport Layer Security (TLS) protocol or Internet Protocol Security (IPsec) protocol.
  • TLS Transport Layer Security
  • IPsec Internet Protocol Security
  • the network interface device is configured to verify the authentication key at a state machine or processor of the network interface device.
  • the network interface device is configured to message its device driver supported at a data processing system attached to the network interface device to indicate that the function set of the network interface device has changed.
  • the network interface device is configured to accept the network message in a low power state.
  • the network interface device further comprises a management controller operable to perform said verification of the configuration instructions and cause the selection of the particular configuration of the set of functions defined in the configuration instructions, the management controller being active in the low power state.
  • the network interface device is attached to a data processing system comprising a Baseboard Management Controller and the network interface device is configured to pass Intelligent Platform Management Interface messages received at the network interface device to the Baseboard Management Controller.
  • the network interface device may be configured to message the Baseboard Management Controller to indicate that the function set of the network interface device has changed.
  • the network interface device may further comprise a non-volatile memory and be configured to store the received configuration instructions in said memory and at a later time to perform the selection of the particular configuration of the set of functions defined in the configuration instructions of the network message at the instigation of a software entity supported at a data processing system attached to the network interface device.
  • the network interface device is coupled to one or more other devices each providing a set of functions in hardware and each being operable to select a particular configuration of their set of functions in accordance with configuration instructions received at the network interface device, the network interface device being configured to cause each of the one or more other devices to select a particular configuration of their set of functions in accordance with the configuration instructions defined in the network message.
  • the network interface device is operable to successfully verify at least two different authentication keys including a first authentication key and a second authentication key, the second authentication key having a lower privilege level than the first authentication key.
  • the first authentication key permits the network interface device to configure any of the set of functions of the network interface device and the second authentication key permits the network interface device to configure a subset of the set of functions of the network interface device.
  • the first authentication key on being successfully verified by the network interface device, allows the network interface device to enable one or more hardware functions; and the second authentication key, on being successfully verified by the network interface device, allows the network interface device to modify one or more parameters of the hardware functions but does not allow the network interface device to enable one or more hardware functions.
  • the first authentication key is generated at a first network entity holding a private key and the second authentication key is generated at a second network entity holding a cryptographic key generated using that private key.
  • the first network entity may be accessible to the network interface device over the internet.
  • the second network entity is operable to transmit a network message comprising configuration instructions and the second authentication key to the network interface device in accordance with the IPMI protocol.
  • the second network entity is on a network local to the network interface device.
  • the network interface device may be one of a network interface card, a switch or a router.
  • a method for selecting a configuration of a set of hardware functions of a network interface device comprising: receiving at a network interface device a network message having one or more predetermined characteristics, the network message comprising an authentication key and configuration instructions defining a particular configuration of a set of functions of the network interface device; in response to receiving the network message, verifying the authentication key at the network interface device; and if the authentication key is successfully verified, selecting the particular configuration of the set of functions defined in the configuration instructions of the network message.
  • a network interface device and a baseboard management controller providing a set of functions in hardware and being operable in first and second modes: in a first mode, the network interface device being configured to operate with a selected configuration of the set of functions; and in a second mode, the network interface device being operable to select a particular configuration of the set of functions in accordance with configuration instructions received at the network interface device; the network interface device being configured to, on receiving a network message having one or more predetermined characteristics and comprising an authentication key and one or more configuration instructions defining a particular configuration of the set of functions, pass the configuration instructions and authentication key to the baseboard management controller which: verifies the authentication key; and if the authentication key is successfully verified, causes the network interface device to select the particular configuration of the set of functions defined in the configuration instructions of the network message.
  • the network interface device is further configured to pass Intelligent Platform Management Interface messages received at the network interface device to the Baseboard Management Controller.
  • a system for selecting a configuration of hardware functions of an electronic device comprising:
  • an electronic device operable to select a configuration of its set of hardware functions
  • a network interface device coupled to the electronic device and operable to cause the selection of a particular configuration of the set of functions of the electronic device in accordance with configuration instructions received at the network interface device; wherein the network interface device is configured to, on receiving a network message having one or more predetermined characteristics and comprising an authentication key and configuration instructions defining a particular configuration of the set of functions: verify the authentication key; and if the authentication key is successfully verified, cause the selection at the electronic device of the particular configuration of the set of functions defined in the configuration instructions of the network message.
  • the electronic device and the network interface device are both supported at a data processing system.
  • the electronic device is a peripheral device of the data processing system, such as a display adaptor or I/O controller.
  • the electronic device is a component of a data processing system supporting the network interface device.
  • the network interface device is configured to cause the selection at the electronic device of the particular configuration of the set of functions defined in the configuration instructions of the network message by storing the configuration instructions at a non-volatile memory of the network interface device optionally along with data indicating that the network interface device has configuration instructions for the electronic device.
  • the selection at the electronic device of the set of functions defined in the configuration instructions of the network message is performed at the instigation of a software entity supported at the data processing system attached to the network interface device.
  • a method for selecting a configuration of hardware functions of an electronic device coupled to a network interface device comprising: receiving at a network interface device a network message having one or more predetermined characteristics, the network message comprising an authentication key and configuration instructions defining a particular configuration of a set of functions of an electronic device coupled to the network interface device; in response to receiving the network message, verifying the authentication key at the network interface device; and if the authentication key is successfully verified, causing the selection at the electronic device of the particular configuration of the set of functions defined in the configuration instructions of the network message.
  • a method for conducting a transaction between a vendor of a network interface device and a customer operating a data processing system supporting the network interface device, the network interface device having one or more functions which are disabled in hardware and comprising a cryptographic key comprising: the customer acquiring from the vendor access to one of the said functions and providing one or more identifiers of the network interface device to the vendor; the vendor transmitting to the customer a network message comprising an authentication key and configuration instructions operable to cause the network interface device to enable one or more of the disabled functions of the network interface device; the customer allowing the authentication key and configuration instructions to pass to the network interface device over a network to which the network interface device is attached; using the cryptographic key, verifying the authentication key at the network interface device; and if the authentication key is successfully verified, causing the network interface device to enable the one or more of the disabled functions of the network interface device specified in the configuration instructions; wherein the authentication key is selected by the vendor in dependence on the identifier of the network interface device
  • FIG. 1 is a schematic drawing of a data processing system supporting a network interface device configured in accordance with the present invention.
  • FIG. 2 is a schematic drawing of a network interface device configured in accordance with the present invention.
  • FIG. 3 is a schematic drawing of a network interface device and trusted network entity configured in accordance with the present invention.
  • FIG. 4 is a schematic drawing of a network interface device, trusted network entity and intervening proxy network entity configured in accordance with the present invention.
  • the present invention is directed to a network interface device which has the ability to modify the set of functions it, or another device to which the network interface is coupled, can perform in response to receiving configuration instructions over the network to which it is connected.
  • the present invention is directed to selectively enabling additional functions in devices (including network interface devices) which are capable of performing those additional functions but which have been shipped with those additional functions disabled.
  • the network interface device is configured to verify the configuration instructions it receives by means of an authentication key included in the instructions. This allows the network interface device to be sure that the instructions originate from a trusted entity (such as a device vendor or administration server).
  • FIG. 1 A schematic drawing of a system configured in accordance with the present invention is shown in FIG. 1 .
  • network interface card or device (NIC) 102 provides an interface between network 105 and data processing system 101 .
  • NIC 102 communicates with the data processing system over bus 110 (such as a PCI, PCI-X or PCI-E bus) and is connected to the network by data link 106 (such as an Ethernet connection).
  • the data processing system could support one or more peripheral devices 103 and 104 , typically also via communication buses 111 .
  • a data processing system will include a processor 107 , memory 108 and other devices 109 integral to the data processing system, such as onboard data controllers, graphics subsystems and audio subsystems.
  • network interface device 102 is operable to select the set of functions it provides in hardware in accordance with instructions received over the network.
  • a schematic diagram of network interface device 102 is shown in FIG. 2 .
  • NIC 102 includes a processor 205 , memory 208 and receive circuitry 206 , although these components need not be distinct and could be combined in a single integrated circuit.
  • the connections between the components shown in FIG. 2 are illustrative only; the components of NIC 102 may be connected in any suitable arrangement.
  • NIC 102 is connected over network 105 to trusted entity 301 .
  • Trusted instructing entity 301 is configured to send configuration instructions to NIC 102 in accordance with the method described below.
  • the NIC is only responsive to instructions received from trusted instructing entity 301 and will not process instructions received from untrusted entity 303 .
  • NIC 102 is configured to ignore any configuration instructions received from an untrusted entity, such as entity 303 , because untrusted entity 303 cannot provide the necessary authentication key to NIC 102 .
  • Trusted instructing entity 301 may be any kind of server, switch or embedded control processor (to name a few of the many possibilities). Specifically, the entity can be a program executing on such hardware. In certain situations (such as when the trusted instructing entity and target device are separated by a firewall), the trusted instructing entity may have a proxy entity accessible to the target device (e.g. behind the firewall) which mirrors the behaviour of the trusted instructing entity or relays messages from the trusted instructing entity onto the target device. This is discussed further below in relation to FIG. 4 .
  • configuration instructions are communicated to the NIC in accordance with a predetermined protocol defining the format of the data exchanged between the NIC and the trusted instructing entity, and other parameters of the communication, such as the steps of a handshake used to establish communications.
  • a protocol used is a challenge-response protocol employing cryptographic authentication, such as Transport Layer Security (TLS) or Internet Protocol Security (IPsec) protocol (with the communication being secured at the transport and internet layers, respectively).
  • TLS Transport Layer Security
  • IPsec Internet Protocol Security
  • less secure methods could be used, such as a simple secret password-based authentication method.
  • the configuration data is of a predetermined form and/or includes one or more identifiers.
  • the receive circuitry 206 of NIC 102 is configured to detect when configuration data is received from a network entity and to cause the NIC to process the configuration data in accordance with the methods described herein.
  • Configuration data may be identified by the receive circuitry on the basis of any suitable distinguishing characteristics, including one or more of:
  • NIC 102 is configured to receive internet protocol (IP) data packets and the configuration data comprises one or more IP data packets that include an identifier in their header to indicate to receive circuitry 206 that those data packets carry configuration data.
  • IP internet protocol
  • the packets can be Ethernet packets or an extension to a management protocol such as IPMI. This is discussed further below.
  • Configuration data comprises all of the data received from a trusted entity at a NIC which relates to the provision of configuration instructions to the NIC.
  • the configuration data therefore includes the messaging and preamble associated with establishing a connection between the NIC and trusted entity in accordance with the predetermined protocol and, if the connection is successfully established, the configuration instructions themselves.
  • the NIC 102 is configured to only carry out those configuration instructions which can be authenticated as being received from a trusted entity. It is greatly preferable if this is the only way in which the hardware function set of the NIC can be modified.
  • the configuration data therefore includes (at some point in the communications between the NIC and trusted entity) an authentication key from the entity sending the configuration instructions to indicate to the NIC that the entity is indeed trusted entity 301 .
  • the authentication key could be a password, a security certificate, a pseudorandom number (for which the NIC understands the generator sequence) or a hash of a set of predetermined data (such as a secret word known to the NIC, a timecode, an identifier of the trusted entity, etc.).
  • the authentication key can be the encrypted instructions themselves, with the authentication key being successfully verified if the instructions are successfully decrypted.
  • the instructions preferably include a verifiable checksum or hash so that the network interface device can determine whether the configuration instructions have been successfully decrypted.
  • communications between the NIC are established over a secure channel.
  • this has the advantage that man-in-the-middle attacks are much more difficult because the NIC can be sure that all of the packets came from the same entity.
  • Authentication, verification and decryption/encryption functions can be performed at a state machine or processor located at the network interface device.
  • the trusted entity holds a private key and the NIC holds a public key, the two keys together belonging to a cryptographic pair.
  • the keys can be used to establish a secure communication channel between the NIC and trusted entity and to encrypt data communicated over that channel. Suitable protocols are known in the art (e.g. TLS and IPsec).
  • TLS and IPsec Suitable protocols are known in the art (e.g. TLS and IPsec).
  • the preferred embodiment is based on the principle that the trusted entity keeps the private key secret and therefore any authentication keys generated by that key or any data encrypted using that key must have originated at the trusted entity.
  • the public key of the pair which is stored at the NIC can be used to verify an authentication key generated using the private key or decrypt data encrypted by the private key (or a derivative thereof).
  • the NIC can be sure that the configuration instructions originated at the trusted entity and the trusted entity can be sure that only the intended NIC with the correct public key can use the configuration instructions.
  • the private key could be stored at the NIC and the public key stored at the trusted entity but this is not preferred because a typical vendor will ship their NICs to customers all over the world, giving malicious parties the opportunity to examine a NIC and potentially (although unlikely) to extract its key.
  • having the public key at the NIC allows there to be fewer private keys (perhaps only one) than there are public keys, with each public key being able to decrypt data encrypted by the group of private keys or their derivatives.
  • the private key(s) must be physically secure. This architecture makes it very difficult for a party to modify the function set of a single NIC, and almost impossible to modify the function set of many NICs (as would be present in a corporate network).
  • the trusted entity On initiation of a secure channel between the NIC and the trusted entity, the trusted entity transmits a message to NIC 102 indicating that it wants to send configuration instructions to the NIC. It can be advantageous if the NIC can decline the request. This can be useful in cases in which the NIC is supporting other communication channels and would be required to drop those channels in order to process the configuration instructions, or the NIC could be configured to decline requests which are sent between predetermined hours or on predetermined days. If the NIC accepts the request, the NIC and trusted entity may optionally establish a secure encrypted connection between themselves (preferably secured using the private key held at the trusted entity and the public key held at the NIC).
  • the trusted entity can transmit the configuration instructions to a proxy entity local to the network interface device according to this scheme and the proxy can then appropriately schedule the application of the configuration update. It is advantageous if the proxy has its own cryptographic key with which it can verify configuration instructions received from the trusted entity/set up a secure connection between the trusted and proxy entities. This cryptographic key may be generated by the trusted entity in the manner described below.
  • the trusted entity transmits the configuration instructions to the NIC/proxy entity (as appropriate), preferably in encrypted form. If the proxy receives the configuration instructions and authentication key, it may store them for later application to the NIC as part of a scheduled update. Once the NIC receives the configuration instructions and authentication key (possibly via the proxy), the NIC verifies the authentication key and updates its function set in accordance with the configuration instructions. Following the updating of the NIC's function set, a message may be transmitted to the trusted entity to indicate that the configuration instructions were successfully applied.
  • the NIC may optionally include a Trusted Platform Module (TPM) 207 in accordance with the specification published by the Trusted Computing Group (TCG).
  • TPM Trusted Platform Module
  • TCG Trusted Computing Group
  • the TPM could be used to store the public key assigned to the NIC.
  • a TPM could be present in data processing system 101 , with the NIC being capable of querying the system TPM in order to use the stored public key.
  • the endorsement key of the TPM could be used to authenticate the identity of the NIC in accordance with the TCG specification and additional information could be stored in the TPM memory to allow the NIC to authenticate the identity of the trusted entity.
  • the information could include a hash derived from the cryptographic key held by the trusted entity, parameters for generating a pseudorandom number sequence used by the trusted entity, etc.
  • the trusted entity could provide a security certificate issued by a certificate authority to authenticate its identity, as is well known in the art.
  • the trusted entity transmits configuration instructions along with an authentication key to the NIC without first establishing a connection between the two.
  • the authentication key can be a cryptographic hash or digital certificate (or in any other form described in the embodiments above) which is generated using a private key held at the trusted entity, with the NIC having a public key which is used to validate the authentication key.
  • the configuration instructions could be encrypted at the trusted entity using its private key, with the public key at the NIC being used to decrypt (and therefore also validate) the configuration instructions.
  • the NIC indicates to the trusted entity whether it will accept the instructions and/or whether the instructions have been successfully applied. The same considerations apply with regard to the detection of configuration data at the receive circuitry of the NIC.
  • the NIC On receiving a set of valid configuration instructions from a trusted entity whose identity has been validated, the NIC performs the instructions of the set or writes the instructions to a memory (preferably to the non-volatile memory of the NIC 208 or a memory of the data processing system 108 ) for the instructions to be later applied by the NIC or a software, firmware or hardware entity of data processing system 101 .
  • the NIC stores the received configuration instructions in its non-volatile state memory 208 and then enters a configuration mode in which the NIC can safely apply the configuration instructions.
  • NIC 102 provides a set of functions defined in hardware and/or firmware (such as data throughput, half or full-duplex operation, Wake-on-LAN functionality, etc.), one or more of which can be enabled or disabled by the NIC.
  • the functions of the NIC can be enabled or disabled by one or more of: changing the state of one or more hardware switches, modifying entries in a hardware register or function table defining the functions the NIC can perform, and updating firmware stored at the NIC. In this manner the set of functions provided at the NIC can be modified.
  • one or more hardware switches could be used to switch on and off portions of circuitry which provide additional functions at the NIC: if the circuitry is switched on, the additional functions are enabled; if the circuitry is switched off, the functions are disabled. In a second example, one or more switches are used to select between different modes or clock speeds. In a third example, the values written to a hardware register determine the set of functions active at the NIC: on boot-up the hardware consults the entries in the register and operates with the function set indicated therein.
  • the present invention provides a secure method by which the function set of a network interface device can be remotely selected. This method addresses the problems identified in the prior art and has several useful applications.
  • the function set of the NIC can comprise any number of different functions, including:
  • the virtual network interfaces presented by the NIC in particular, the PCIe physical functions, IOV virtual functions and parameters such as the degree of Receive Side Scaling (RSS).
  • the function set of the NIC could include the parameters of any of these interfaces, allowing the configuration of the interfaces presented by the NIC to be configured in accordance with the mechanisms of the present invention.
  • QoS Quality of Service
  • the network parameters of the NIC such as IP address and maximum transmission unit (MTU) size, virtual LAN (VLAN) identifiers.
  • MTU maximum transmission unit
  • VLAN virtual LAN
  • Network state associations for example, it is advantageous if the NIC can store the state for the connections of a particular guest operating system in a virtualised system such that if the guest OS migrates between servers the state can be transferred to the NIC of that server.
  • trusted entity 301 is operated by the vendor of NIC 201 so as to allow remote unlocking of functions which are disabled in hardware at the NIC.
  • the public key is written to the NIC by the vendor during manufacture of the NIC, with the vendor holding the private key of the cryptographic pair.
  • the public key is written to “tamper-proof” write-once memory. If the vendor of the NIC is the trusted entity, the vendor can arrange that the NIC does not carry out configuration instructions unless they are verified as originating from the vendor (the carrier of the private key).
  • a NIC allows a public key to be written to it so as to allow the party writing the key to remotely manage the functions set accessible at the NIC.
  • a system administrator holding the private key of the pair could securely manage a group of computers having NICs configured in accordance with the present invention and loaded with a predetermined public key. This allows a system administrator to remotely control the set of functions provided in hardware at each NIC on the administrator's network.
  • a network interface device as described above can be further configured to set the function set of another device which is enabled to receive configuration instructions.
  • the other device may be any device local to NIC 102 , such as an onboard I/O controller 109 supported at data processing system 101 , the data processing system 101 itself, or a peripheral device 103 or 104 .
  • the NIC may be coupled to the device via a data bus of the data processing system or any kind of direct interconnect.
  • NIC 102 receives configuration instructions from a trusted entity according to the method described herein and is configured to cause those configuration instructions to be applied to another device operable to use them.
  • a NIC configured to apply configuration instructions to another device need not be operable to modify its own function set in accordance with received configuration instructions.
  • the NIC can use a public key stored at the target device to which the configuration instructions are directed to secure communications between the trusted entity and the NIC.
  • the NIC uses its public key to secure communications between it and the trusted entity, and the target device or a software entity at data processing system 101 then performs decryption or validation of the received configuration instructions before modifying the function set of the target device.
  • a NIC operable to cause the function set of another device to be updated must know to which device a set of received configuration instructions are targeted. This may be indicated to the NIC in the configuration data transmitted to it from a trusted entity. For example, on establishing a secure connection to the NIC, the trusted entity could signal to the NIC which device of the system the trusted entity wishes to update. This allows the NIC to optionally check for the presence of the device and query the device in order to determine whether the target device can receive the configuration instructions at that time. Alternatively, the configuration instructions themselves can indicate the device to which they are directed.
  • the NIC stores the identity of each of the devices in the local system which are operable to have their function set updated in accordance with the present invention. The device identities may be entered by the manufacturer or system administrator on installing the NIC in the local system.
  • the NIC can be configured to handle the instructions in one of two ways (the NIC may have the ability to perform only one of the two options or it may be able to use either option in dependence on whether or not the NIC can directly address the target device).
  • the NIC transmits the configuration instructions to the target device and the target device updates its function set accordingly.
  • the NIC stores the configuration instructions for the other device in its memory 208 or in a memory 108 of the data processing system to which it is attached.
  • NIC This allows the NIC to apply configuration instructions to devices which it cannot access without cooperation from data processing system 101 (for example, devices on other buses), or to devices which are not switched on or connected to the NIC/data processing system at the time the configuration instructions are received (such as wireless printers or external storage).
  • the NIC may receive the configuration instructions when the data processing system is in a low power state (e.g. switched off or in standby or hibernation mode) and therefore in some circumstances cannot communicate with the target device of the system.
  • a low power state e.g. switched off or in standby or hibernation mode
  • this problem can be solved by either allowing the NIC to wake the target device or an intervening data bus, or causing the configuration instructions to be processed the next time the system as a whole enters a higher power state when the target device is accessible.
  • the NIC can either (a) apply the configuration instructions to a target device itself, or (b) cause the data processing system or a software entity supported at the data processing system to apply the configuration instructions to a target device.
  • the NIC may be a peripheral device in the target system or the NIC could be supported at the mainboard of the system.
  • the application of configuration instructions to a device configured in accordance with the present invention comprises enabling or disabling hardware functionality and/or firmware functions by one or more of:
  • Configuration instructions stored at a memory of the NIC or data processing system could be applied to the target device in several ways.
  • An application, component of the operating system, or firmware stored at the data processing system (such as the BIOS) could pick up the stored configuration instructions and apply them to the target device (which could be the NIC) at a suitable time. For example, this could occur during boot-up of the data processing system or at the initiation of a system administrator (perhaps from a remote computer).
  • the NIC can indicate to the data processing system that configuration instructions have been received so as to alert the appropriate functionality of the operating system, an application or the BIOS that a set of configuration instructions are ready to be applied. This could be by means of a flag or other identifier set at the NIC, or the presence of the configuration instructions in memory could itself be sufficient.
  • the NIC or other target device may be required to enter a configuration mode in which the NIC or other target device can safely update its function set.
  • the NIC/other device may be unresponsive to all communications and stop performing its normal functions. This allows the NIC/device minimise the risk of rendering itself inoperable as a result of enabling or disabling functions in hardware, updating its firmware etc.
  • the network interface device 102 has been described above as an interface card for a data processing system 101 , such as a desktop, laptop computer or server.
  • network interface device 102 could be any kind of network interface configured in accordance with the present invention and could be a communication interface of, for example, a switch, a router, a printer, a handheld multimedia device or a portable telephone.
  • NIC 102 could be a wired or wireless network interface.
  • the data processing system and NIC In order to deal with the situation in which the data processing system supporting the target NIC is in a low power state, it is advantageous for the data processing system and NIC to support at least some of the operations of the present invention in the low power state.
  • the NIC is configured to be operable to receive configuration instructions in a low power state and this is the preferred mode in which configuration instructions are received and applied in a system configured in accordance with the present invention. This allows configuration changes to be effected when the target system is not being used, or at a time selected by the system administrator.
  • the trusted entity can transmit management or Wake-on-LAN packets to the target system so as to cause the target system to at least raise its power state (or that of a target device) such that the configuration instructions can be received and applied. This may be required in certain circumstances—for example, if configuration instructions are received for a device which is powered down.
  • a target system supporting a NIC in accordance with the present invention might include a low power management subsystem that is active in the low power state.
  • a system would include a Baseboard Management Controller (BMC) 112 , with the NIC being configured to filter incoming data packets and deliver those packets recognized as carrying instructions for the BMC to the BMC.
  • BMC Baseboard Management Controller
  • these will be packets of the Intelligent Platform Management Interface (IPMI) and the NIC will pass them to BMC 112 using the Network Controller Sideband Interface (NC-SI).
  • IPMI Intelligent Platform Management Interface
  • N-SI Network Controller Sideband Interface
  • the NIC is configured to support additional management packets to the set of packets of a management protocol (such as IPMI packets) supported by the system.
  • a management protocol such as IPMI packets
  • This is preferably implemented at the NIC by configuring an extended set of filters at receive circuitry 206 to trap the additional management packets (as well as the regular packets of the management protocol), even when the data processing system and network interface device are in a low power state.
  • the management packets are passed by the NIC to the management controller of the system (the BMC) and either the NIC or the BMC can be configured to handle the verification and configuration steps of the present invention.
  • the NIC is configured to handle packets carrying configuration instructions and the necessary authentication keys, this is preferably performed at its own internal management controller (MC) 209 .
  • MC internal management controller
  • the present invention can utilise a sideband management subsystem to allow configuration instructions to be transmitted to the target system when the target system is in a low power state.
  • the management circuitry (BMC) of the system is configured to perform the authentication and processing of the configuration instructions, with the command set recognised by the BMC being extended to include the commands carried in the additional management packets.
  • the authentication of received authentication keys may be performed with the support of a Trusted Platform Module of the data processing system, as discussed above.
  • the NIC need only perform the filtering (interception) of packets directed to the BMC (which includes packets carrying configuration instructions) and pass those packets (or their contents) onto the BMC which performs all other aspects of the present invention (such as verification etc.).
  • the BMC is configured to cause successfully verified configuration instructions to be applied to the network interface device—in other words, the network interface device is operable to receive configuration instructions from the BMC and configure itself in accordance with those instructions.
  • the BMC can store a cryptographic key for one or more devices of the system and the BMC is able to effect the modification of hardware functionality at one or more devices of the system.
  • the present invention could operate with a basic Wake on LAN (WoL) architecture, with the trusted entity transmitting a WoL “magic packet” to the NIC prior to sending configuration instructions. If the NIC is in a low power state, the magic packet triggers the NIC to wake the I/O bus and main processor of the target system 101 .
  • WiL Wake on LAN
  • the trusted entity prefferably configured to query the target system in order to determine whether it is in a low power state. If the target system is found to be in a low power state the trusted entity can message the BMC/send a magic packet (as appropriate) in order to move the target system to the required power state in which configuration instructions can be applied.
  • the administrator of the network that includes the target NIC may be required to configure a virtual private network (VPN) between the trusted entity and the target NIC so as to allow the management messages/magic packet to reach the NIC.
  • VPN virtual private network
  • Proxy trusted entity 402 is accessible to NIC 102 over local network 401 (which could be a corporate network). Proxy trusted entity 402 is also accessible to trusted entity 301 over non-local network 105 (which could be the internet).
  • the proxy entity is operable to receive configuration instructions for the target NIC 102 from trusted entity 301 in accordance with any of the authentication/encryption methods described above.
  • target NIC 102 is operable to receive those configuration instructions from the proxy. Since the proxy is local to NIC 102 , it can transmit management packets to the NIC, which allows (in accordance with the preferred embodiment) the configuration instructions to be transmitted to the NIC in one or more management packets.
  • the management packets are preferably defined in an extension of a known management protocol (such as IPMI) utilised at the target system.
  • Trusted entity 301 and proxy trusted entity 402 preferably include cryptographic keys 405 and 404 , respectively.
  • Cryptographic key 405 is used to authenticate configuration instructions sent proxy the trusted entity.
  • Cryptographic key 404 is used to authenticate the proxy to NIC 102 and can also be used to authenticate configuration instructions which originate at the proxy (for example, instructions which are used to configure the NIC but do not modify the hardware functions of the NIC).
  • the proxy is a trusted entity in its own right, although typically of a lower privilege level, and the proxy uses its cryptographic key to generate the authentication keys it provides with its configuration instructions.
  • cryptographic keys 404 and 405 are both generated from a private key held by the trusted entity, and NIC 102 may include one or more public keys which correspond to the authentication keys sent by the trusted/proxy entities.
  • NIC 102 may include one or more public keys which correspond to the authentication keys sent by the trusted/proxy entities.
  • various other arrangements are envisaged and will be apparent to a person of skill in the art.
  • trusted entity 301 can determine the privilege level of other network entities.
  • the trusted entity can be configured to generate an authentication or public key for another entity (such as a proxy entity or management server local to the target NIC) which gives the holder of that key configuration rights up to a particular privilege level.
  • another entity such as a proxy entity or management server local to the target NIC
  • configuration instructions sent along with that authentication key may only configure those predetermined functions over which that privilege level has control.
  • Functions which are only configurable by network entities having a higher privilege level cannot be modified by the network entities having a lower privilege level.
  • An authentication key may indicate to a target NIC that the originating network entity has a particular privilege level by one of several mechanisms, including:
  • the authentication key corresponds to a public key stored at the NIC having a predetermined privilege level
  • the authentication key includes a privilege level indicator signed by the trusted entity which indicates the privilege level of the holder of that authentication key.
  • a proxy server in order to mediate the transaction between the trusted entity and the target machine.
  • the use of a proxy allows configuration instructions to be delivered to the target machine asynchronously (i.e. the target machine does not require a live connection to the trusted entity).
  • the proxy can connect to the trusted entity in order to download the configuration instructions for one or more target devices on the network and then store those devices until a later time, such as during an update cycle or overnight when the target machines are in a low power state.
  • the proxy could allow the configuration instructions to be written to a bootable disc or portable drive, such as a USB memory stick, which can be used to supply the configuration instructions to the target machine.
  • the configuration instructions can be delivered to the proxy as a message having, very generally, the form:
  • NIC 102 is a gigabit Ethernet device capable of operating at 1 Gbps or 10 Gbps and which of these two functions the NIC is configured to perform may be selected in hardware.
  • a public cryptographic key is written to the NIC by the vendor during manufacture and the choice of either 1 Gbps or 10 Gbps functionality is selected. Only the vendor can set the functions of the NIC in hardware. The private key of the cryptographic pair is held by the vendor.
  • the customer wants to upgrade their NIC to support the 10 Gbps function.
  • Conventionally, such an upgrade would require the customer to purchase a new NIC, or return the NIC to the vendor to allow the 10 Gbps function to be selected in hardware.
  • the present invention allows the vendor to remotely select the function set offered by the NIC.
  • the customer contacts the vendor, pays an upgrade fee and provides sufficient information for the trusted entity provided by the vendor to address the NIC over the relevant networks (which may include the Internet).
  • the trusted entity of the vendor transmits the appropriate configuration instructions to the NIC so as to cause the NIC to enable the 10 Gbps function.
  • Display device 102 comprises a 3-D graphics processor having 64 texture units and supporting a maximum clock speed of 750 MHz.
  • these functions of the graphics processor can be configured at a hardware register of the display device, with the number of texture units being selectable between 16, 32 and 64, and the clock speed being selectable between 450, 650 and 750 MHz.
  • the firmware of the display device may be updated to reflect the enabled functions of the device.
  • the end-user of the data processing system supporting the display device purchased the system, they only paid for a display device having 32 texture units enabled and a 650 MHz clock speed. At some later date the end-user wishes to pay to enable the full functionality of the display device so as to allow the system to support the latest videogames. Because the data processing system includes a NIC configured in accordance with the present invention, the end-user can purchase the additional functionality from the appropriate vendor and have the new function set applied remotely to their display device by means of the NIC.
  • a network interface device 102 configured in accordance with the present invention is installed in the data processing system.
  • One or more of the other devices present in the data processing system are operable to have their function sets updated according to the method described above.
  • the data processing system comprises one or more devices (this may or may not include the NIC itself) whose function sets may be determined in hardware and/or firmware and a NIC 102 operable to configure those function sets by means of communication over a network with a trusted entity.
  • a data processing system is assembled from a selection of pre-configured hardware devices which match the specification ordered by the customer.
  • each of the hardware devices is pre-loaded with the appropriate firmware and the hardware functions provided by each device are either non-configurable or preset by the manufacturer of each device.
  • the manufacturer of the data processing system must therefore keep stocks of all of the devices in all of the configurations offered to their customers. This can be inefficient when different versions of the same product differ only in the set of functions which are enabled in hardware.
  • the manufacturer of the data processing system can enable or disable hardware functions and update the firmware of the devices of the system, conventional methods for performing these tasks require specialist tools and must be performed on a device-by-device basis.
  • the present invention provides a convenient method by which the manufacturer of a data processing system can quickly and easily enable or disable hardware functions and update the firmware of the devices of a newly-built system using the configuration functionality of NIC 102 .
  • the manufacturer can connect the NIC to a trusted entity (this could be by means of a simple Ethernet patch cable) and the configuration instructions for all of the devices of the system which are enabled to receive configuration instructions (and which require configuring) can be downloaded to the NIC.
  • the configuration instructions are then be applied to each of the respective devices in accordance with the teachings described herein. This allows the function sets of the devices in the system to be configured to match the specification ordered by the customer:
  • Each type (1 to 3) of public key may correspond to a different level of authority and hence a different set of device capabilities which can be modified. For instance, providing a pair to the key at the device manufacturer's level would allow access to all configurable functions of the device, whereas providing a pair to the key at the OEM level would allow access to a subset of those functions over which the OEM has been given control (perhaps by means of a licensing agreement between the device manufacturer and the OEM). Providing a pair to the key at the customer level would yield the least control over the functions of the device—this can provide a mechanism by which the device can be configured by the customer, or perhaps the customer is permitted to disable, but not enable, functions in hardware. Accordingly, the “trusted entity” referred to herein can be a machine of the device manufacturer, OEM or customer, as appropriate to the situation.
  • a NIC at a data processing system on a corporate network which also includes a trusted entity which may or may not be able to act as a proxy for a trusted entity operated by a device manufacturer/OEM external to the corporate network.
  • the trusted entity may not be local to the data processing system—for example, the corporate network could be split across several sites.
  • the NIC has stored a public key for the corporation which corresponds to a private key stored at the trusted entity.
  • the data processing system is virtualised with several guest operating systems running on the system atop a hypervisor.
  • the NIC supports a virtual NIC for each of the guest operating systems.
  • VNIC virtual NIC
  • the system administrator causes the trusted entity to transmit configuration instructions to the NIC of the target system which instruct the NIC to create the new VNIC.
  • the NIC can then transmit an event to its device driver so as to cause the hypervisor to pick up the new VNIC and map it into the new guest operating system (the hypervisor can be messaged by conventional means in order to configure the new guest operating system and instruct the hypervisor to correctly map the new VNIC).
  • the present invention can be used to securely and remotely configure a NIC at a low level.
  • the network interface device or other electronic device (such as a peripheral device for a computer system) is shipped by the manufacturer with some of the set of functions of the device disabled such that the disabled functions are not available for use at the device.
  • the device is capable of performing the disabled functions (i.e. it includes the necessary hardware and optionally the necessary firmware/software) but those functions are disabled by the vendor of the device such that the functions cannot be enabled unless a valid authentication key is received by the device.
  • a disabled function is a function that the hardware of the device is capable of performing but that is not available for use at the device whilst the function is disabled.
  • the information necessary to verify an authentication key received at the device is stored integral to the device during manufacture, or at least prior to sale of the device.
  • the information could be stored at a trusted platform module (TPM) of the device.
  • TPM trusted platform module
  • the cryptographic information required to verify configuration instructions received at the device is stored at the device in such a way that it cannot be edited or overwritten (e.g.
  • the cryptographic information is stored in a “write-once” memory), or the cryptographic information is stored in a tamper-proof memory such that any attempts to perform one or more of (a) editing, (b) over-writing or (c) directly reading the cryptographic information prevent the device from enabling any disabled functions (or alternatively, the device could render itself inoperable until “unlocked” by the vendor).
  • the vendor can ensure that only they can enable those functions of the device that are disabled when the product is sold, allowing the vendor to charge for enabling those additional functions.
  • a network interface device includes one or more functions disabled in hardware in a second mode, the network interface device being operable to enable disabled functions in accordance with configuration instructions received at the network interface device, and the network interface device being configured to, on receiving a network message comprising an authentication key and configuration instructions defining one or more hardware functions of the network interface device that are to be enabled, verify the authentication key as being valid by means of cryptographic information stored at the network interface device and, if the authentication key is successfully verified, enable the one or more functions defined in the configuration instructions of the network message.
  • the network message is received over a network to which the network interface device provides an interface.
  • the cryptographic information is preferably stored at the network interface device during manufacture and could be a cryptographic key or other data by means of which an authentication key can be verified as being valid—i.e. as being from a trusted source allowed to enable disabled functions of the network interface device.
  • a network interface device configured in accordance with the present invention could be operable to enable one or more of the following functions that are disabled during manufacture:
  • Such a device may be shipped in a default state in which the maximum link speed of the device is limited to a first speed (e.g. 10 Gbps) but the hardware of the device can in fact support a greater second link speed (e.g. 40 Gbps)—in other words, the greater second link speed is disabled at the device.
  • a first speed e.g. 10 Gbps
  • a greater second link speed e.g. 40 Gbps
  • the maximum link speed at which the device can operate increases up to the second link speed.
  • Such a device may be shipped in a default state in which the device supports only half-duplex communications over its physical ports. On enabling the device's full duplex function, the device supports full-duplex communications over its physical ports.
  • Such a device may be shipped in a default state in which the number of VNICs the device can support is limited at the device—in other words, some of the potential VNICs (or the physical resources associated with those VNICs) of the PCIe device are disabled.
  • Such a device may be shipped in a default state in which the number of PCIe physical and/or virtual functions of a PCIe NIC is limited at the device—in other words, some of the potential physical and/or virtual functions (or the physical resources associated with those functions) of the PCIe device are disabled. On enabling additional PCIe physical and/or virtual functions, the device makes additional PCIe physical and/or virtual functions available for use.
  • TCP Offload Engine A TCP Offload Engine (TOE).
  • TOE TCP Offload Engine
  • Such a device may be shipped in a default state in which the TCP Offload Engine is disabled such that the device does not support TCP offload processing at the device, although it includes the hardware necessary to perform such processing.
  • the device On enabling the TCP Offload Engine, the device supports TCP offload processing and is operable to perform such processing.
  • Such a device may be shipped in a default state in which only a subset of the total number of the physical ports of the device are enabled, with the remaining number being disabled. On enabling one or more of the disabled ports, the newly-enabled ports become available for use at the device so as to allow the device to communicate data over networks connected to the newly-enabled ports.
  • network interface device is a hardware controller operable to provide an interface between a data network and a data processing system.
  • the controller (or NIC) may be embodied as a peripheral card of a data processing system or could be an embedded component of a data processing system, such as a server, router or switch device.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Software Systems (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • General Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • Health & Medical Sciences (AREA)
  • Databases & Information Systems (AREA)
  • Computing Systems (AREA)
  • Small-Scale Networks (AREA)
US12/858,345 2009-08-19 2010-08-17 Remote functionality selection Active 2032-03-31 US9210140B2 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
US12/858,345 US9210140B2 (en) 2009-08-19 2010-08-17 Remote functionality selection

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US23525609P 2009-08-19 2009-08-19
US12/858,345 US9210140B2 (en) 2009-08-19 2010-08-17 Remote functionality selection

Publications (2)

Publication Number Publication Date
US20110202983A1 US20110202983A1 (en) 2011-08-18
US9210140B2 true US9210140B2 (en) 2015-12-08

Family

ID=43037955

Family Applications (1)

Application Number Title Priority Date Filing Date
US12/858,345 Active 2032-03-31 US9210140B2 (en) 2009-08-19 2010-08-17 Remote functionality selection

Country Status (2)

Country Link
US (1) US9210140B2 (fr)
EP (1) EP2288077B1 (fr)

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20160044046A1 (en) * 2012-10-16 2016-02-11 Pieter-Jan Boone Secure, non-disruptive firmware updating
US10581861B2 (en) * 2017-09-12 2020-03-03 International Business Machines Corporation Endpoint access manager
US11113046B1 (en) * 2019-09-24 2021-09-07 Amazon Technologies, Inc. Integration and remote control of a pre-assembled computer system into a server for a virtualization service
US20220167162A1 (en) * 2019-04-12 2022-05-26 Kabushiki Kaisha Tokai Rika Denki Seisakusho Communication system and communication device
US11853771B1 (en) 2019-09-24 2023-12-26 Amazon Technologies, Inc. Offload card based virtualization of a pre-assembled computer system integrated into a server for a virtualization service
US20240143773A1 (en) * 2022-10-31 2024-05-02 Cisco Technology, Inc. Fabric-based root-of-trust

Families Citing this family (45)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7634584B2 (en) 2005-04-27 2009-12-15 Solarflare Communications, Inc. Packet validation in virtual network interface architecture
JP4736140B2 (ja) * 2009-04-03 2011-07-27 日本電気株式会社 認証装置、サーバシステム、認証方法、認証プログラム
US8879570B2 (en) * 2009-09-04 2014-11-04 Brocade Communications Systems, Inc. Systems and methods for reconfiguring a network adapter in sleep mode
US8843607B2 (en) 2010-09-30 2014-09-23 American Megatrends, Inc. System and method for managing computer network interfaces
US9281999B2 (en) * 2010-09-30 2016-03-08 American Megatrends, Inc. Apparatus for remotely configuring network interfaces in a remote management system
US8627054B2 (en) 2010-12-29 2014-01-07 American Megatrends, Inc. Method and apparatus to create single firmware image for multiple server platforms
US8742717B2 (en) 2011-04-27 2014-06-03 American Megatrends, Inc. Method and apparatus to harness keyboard strokes and mouse movement to charge an electrical storage device
CN102760064A (zh) * 2011-04-28 2012-10-31 鸿富锦精密工业(深圳)有限公司 网卡更新装置及方法
US8874786B2 (en) * 2011-10-25 2014-10-28 Dell Products L.P. Network traffic control by association of network packets and processes
KR101386809B1 (ko) * 2012-02-29 2014-04-21 주식회사 팬택 다중 mtu를 설정하는 모바일 디바이스 및 이를 이용한 데이터 전송 방법
US9053348B2 (en) * 2012-03-26 2015-06-09 Microsoft Technology Licensing, Llc Secure cloud computing platform
US9218462B2 (en) * 2012-04-25 2015-12-22 Hewlett Packard Enterprise Development Lp Authentication using lights-out management credentials
CN103391528B (zh) * 2012-05-11 2016-12-14 南京中兴新软件有限责任公司 一种在终端侧自动配置mtu值的方法及相应装置
US8994800B2 (en) 2012-07-25 2015-03-31 Gopro, Inc. Credential transfer management camera system
JP6065540B2 (ja) * 2012-11-20 2017-01-25 富士通株式会社 通信制御装置、情報処理装置及び情報処理システム
US20140230017A1 (en) * 2013-02-12 2014-08-14 Appsense Limited Programmable security token
US10742604B2 (en) 2013-04-08 2020-08-11 Xilinx, Inc. Locked down network interface
US9426124B2 (en) 2013-04-08 2016-08-23 Solarflare Communications, Inc. Locked down network interface
US9489023B1 (en) * 2013-07-18 2016-11-08 Marvell International Ltd. Secure wake on LAN with white list
US9871792B2 (en) 2014-10-03 2018-01-16 Gopro, Inc. Hostless mDNS-SD responder with authenticated host wake service
US9807117B2 (en) * 2015-03-17 2017-10-31 Solarflare Communications, Inc. System and apparatus for providing network security
DE102015210294A1 (de) * 2015-06-03 2016-12-08 Siemens Aktiengesellschaft Clientvorrichtung und Servervorrichtung zum abgesicherten Freischalten von Funktionen eines Clients
US20160371107A1 (en) * 2015-06-18 2016-12-22 Dell Products, Lp System and Method to Discover Virtual Machines from a Management Controller
US9779230B2 (en) * 2015-09-11 2017-10-03 Dell Products, Lp System and method for off-host abstraction of multifactor authentication
US10038705B2 (en) * 2015-10-12 2018-07-31 Dell Products, L.P. System and method for performing intrusion detection in an information handling system
US10447501B2 (en) * 2015-11-24 2019-10-15 Unisys Corporation Systems and methods for establishing a VLAN on a computing system irrespective of the computer networking technology utilized by the computing system
DE102015225793B4 (de) * 2015-12-17 2017-07-06 Volkswagen Aktiengesellschaft Verfahren zur Verhinderung der Deaktivierung von Online-Diensten in einem Fahrzeug
US10433168B2 (en) * 2015-12-22 2019-10-01 Quanta Computer Inc. Method and system for combination wireless and smartcard authorization
US10079919B2 (en) 2016-05-27 2018-09-18 Solarflare Communications, Inc. Method, apparatus and computer program product for processing data
US9946256B1 (en) 2016-06-10 2018-04-17 Gopro, Inc. Wireless communication device for communicating with an unmanned aerial vehicle
US10423437B2 (en) 2016-08-17 2019-09-24 Red Hat Israel, Ltd. Hot-plugging of virtual functions in a virtualized environment
CN106603721A (zh) * 2017-01-19 2017-04-26 济南浪潮高新科技投资发展有限公司 一种远程控制的方法及系统、一种远程控制客户端
US11229023B2 (en) * 2017-04-21 2022-01-18 Netgear, Inc. Secure communication in network access points
US10771439B2 (en) * 2017-06-28 2020-09-08 Microsoft Technology Licensing, Llc Shielded networks for virtual machines
US10582636B2 (en) * 2017-08-07 2020-03-03 Lenovo Enterprise Solutions (Singapore) Pte. Ltd. Server having a dual-mode serial bus port enabling selective access to a baseboard management controller
US10721072B2 (en) 2017-09-29 2020-07-21 Xilinx, Inc. Network interface device and method
US10713392B2 (en) 2017-09-29 2020-07-14 Xilinx, Inc. Network interface device and method
US11303508B2 (en) * 2017-12-15 2022-04-12 Red Hat Israel, Ltd. Deployment state based configuration generation
TWI647617B (zh) * 2018-01-23 2019-01-11 緯創資通股份有限公司 電子裝置與其韌體更新方法
CN110971443B (zh) * 2018-09-28 2023-11-07 赛灵思公司 网络接口设备和方法
US11050635B2 (en) * 2019-02-05 2021-06-29 International Business Machines Corporation Managing bare metal networking in a cloud computing environment
US11138116B2 (en) 2019-07-29 2021-10-05 Xilinx, Inc. Network interface device supporting multiple interface instances to a common bus
DE102020001199A1 (de) * 2020-02-25 2021-08-26 Daimler Ag Kommunikationsvorrichtung und Verfahren zur kryptografischen Absicherung der Kommunikation
US11917083B2 (en) * 2021-12-15 2024-02-27 VMware LLC Automated methods and systems for performing host attestation using a smart network interface controller
US20240143708A1 (en) * 2022-10-26 2024-05-02 Dell Products L.P. Dynamic transitioning among device security states based on server availability

Citations (156)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5272599A (en) 1993-03-19 1993-12-21 Compaq Computer Corporation Microprocessor heat dissipation apparatus for a printed circuit board
US5325532A (en) 1992-09-25 1994-06-28 Compaq Computer Corporation Automatic development of operating system boot image
EP0620521A2 (fr) 1993-04-16 1994-10-19 Hewlett-Packard Company Méthode de composition dynamique de fenêtres de diologue
US5946189A (en) 1997-04-23 1999-08-31 Compaq Computer Corporation Pivotable support and heat sink apparatus removably connectable without tools to a computer processor
US6098112A (en) 1995-10-19 2000-08-01 Hewlett-Packard Company Streams function registering
US6157721A (en) 1996-08-12 2000-12-05 Intertrust Technologies Corp. Systems and methods using cryptography to protect secure computing environments
US6160554A (en) 1998-03-19 2000-12-12 Hewlett Packard Company Computer file content preview window
WO2001048972A1 (fr) 1999-12-28 2001-07-05 Mellanox Technologies Ltd. Échantillonnage adaptatif
US6304945B1 (en) 1999-05-13 2001-10-16 Compaq Computer Corporation Method and apparatus for maintaining cache coherency in a computer system having multiple processor buses
US6349035B1 (en) 2000-09-29 2002-02-19 Compaq Information Technologies Group, L.P. Method and apparatus for tooless mating of liquid cooled cold plate with tapered interposer heat sink
WO2002030130A1 (fr) 2000-10-03 2002-04-11 Sony Electronics Inc. Recepteur de radiodiffusion de faible puissance
WO2002035838A1 (fr) 2000-10-28 2002-05-02 Voltaire Limited Ensemble boitier decodeur modulaire
US20020059052A1 (en) 2000-09-12 2002-05-16 Mellanox Technologies Ltd. Co-simulation of network components
US20020112139A1 (en) 2001-02-13 2002-08-15 Krause Michael R. Highly available, monotonic increasing sequence number generation
US6438130B1 (en) 2001-06-28 2002-08-20 Mellanox Technologies Ltd. Forwarding database cache
US20020129293A1 (en) 2001-03-07 2002-09-12 Hutton John F. Scan based multiple ring oscillator structure for on-chip speed measurement
US20020140985A1 (en) 2001-04-02 2002-10-03 Hudson Kevin R. Color calibration for clustered printing
US20020156784A1 (en) 1999-04-08 2002-10-24 Hanes David H. Method for transferring and indexing data from old media to new media
US6502203B2 (en) 1999-04-16 2002-12-31 Compaq Information Technologies Group, L.P. Method and apparatus for cluster system operation
US20030007165A1 (en) 2001-07-05 2003-01-09 Hudson Kevin R. Direction-dependent color conversion in bidirectional printing
US6530007B2 (en) 1998-07-13 2003-03-04 Compaq Information Technologies Group, L.P. Method and apparatus for supporting heterogeneous memory in computer systems
US20030055900A1 (en) * 2000-02-02 2003-03-20 Siemens Aktiengesellschaft Network and associated network subscriber having message route management between a microprocessor interface and ports of the network subscriber
US20030058459A1 (en) 2001-09-26 2003-03-27 Yifeng Wu Generalized color calibration architecture and method
US20030065856A1 (en) 2001-10-03 2003-04-03 Mellanox Technologies Ltd. Network adapter with multiple event queues
US20030063299A1 (en) 2001-10-02 2003-04-03 Cowan Philip B. Color calibration method and apparatus
US20030081060A1 (en) 2001-10-29 2003-05-01 Huanzhao Zeng Method and system for management of color through conversion between color spaces
US20030172330A1 (en) 2002-03-11 2003-09-11 Barron Dwight L. Data redundancy in a hot pluggable, large symmetric multi-processor system
US20030191786A1 (en) 1999-02-01 2003-10-09 Matson Mark D. Computer method and apparatus for division and square root operations using signed digit
US20030202043A1 (en) 2002-04-24 2003-10-30 Huanzhao Zeng Determination of control points for construction of first color space-to-second color space look-up table
US20030214677A1 (en) 1998-03-26 2003-11-20 Ranjit Bhaskar Tone dependent variable halftoning wih adjustable algorithm selection
US6667918B2 (en) 2002-05-01 2003-12-23 Mellanox Technologies Ltd. Self-repair of embedded memory arrays
US20040034603A1 (en) 2002-08-14 2004-02-19 Hastings Mark Alan Transferable meter licenses using smartcard technology
US6718392B1 (en) 2000-10-24 2004-04-06 Hewlett-Packard Development Company, L.P. Queue pair partitioning in distributed computer system
US20040071250A1 (en) 2000-06-20 2004-04-15 Bunton William P. High-speed interconnection adapter having automated lane de-skew
US6728743B2 (en) 2001-01-04 2004-04-27 Mellanox Technologies Ltd. Modulo remainder generator
US6735642B2 (en) 2000-06-02 2004-05-11 Mellanox Technologies Ltd. DMA doorbell
US20040141642A1 (en) 2003-01-22 2004-07-22 Huanzhao Zeng Color space conversion using interpolation
US6768996B1 (en) 1998-10-08 2004-07-27 Hewlett-Packard Development Company, L.P. System and method for retrieving an abstracted portion of a file without regard to the operating system of the current host computer
US20040190538A1 (en) 2000-09-08 2004-09-30 Hewlett-Packard Development Company, L.P. Speculative transmit for system area network latency reduction
US20040190533A1 (en) 2003-03-27 2004-09-30 Prashant Modi Method and apparatus for performing connection management with multiple stacks
US20040190557A1 (en) 2003-03-27 2004-09-30 Barron Dwight L. Signaling packet
US20040193825A1 (en) 2003-03-27 2004-09-30 Garcia David J. Binding a memory window to a queue pair
US20040193734A1 (en) 2003-03-27 2004-09-30 Barron Dwight L. Atomic operations
US20040210754A1 (en) 2003-04-16 2004-10-21 Barron Dwight L. Shared security transform device, system and methods
US20040252685A1 (en) 2003-06-13 2004-12-16 Mellanox Technologies Ltd. Channel adapter with integrated switch
US20050008223A1 (en) 2003-07-09 2005-01-13 Huanzhao Zeng Representing extended color gamut information
US20050018221A1 (en) 2003-07-21 2005-01-27 Huanzhao Zeng Conforming output intensities of pens
US20050021968A1 (en) 2003-06-25 2005-01-27 Zimmer Vincent J. Method for performing a trusted firmware/bios update
US20050038918A1 (en) 2003-08-14 2005-02-17 Hilland Jeffrey R. Method and apparatus for implementing work request lists
US20050038941A1 (en) 2003-08-14 2005-02-17 Mallikarjun Chadalapaka Method and apparatus for accessing a memory
US20050039171A1 (en) 2003-08-12 2005-02-17 Avakian Arra E. Using interceptors and out-of-band data to monitor the performance of Java 2 enterprise edition (J2EE) applications
US20050039187A1 (en) 2003-08-12 2005-02-17 Avakian Arra E. Instrumenting java code by modifying bytecodes
US20050039172A1 (en) 2003-08-12 2005-02-17 Jeffrey Rees Synthesizing application response measurement (ARM) instrumentation
US20050066333A1 (en) 2003-09-18 2005-03-24 Krause Michael R. Method and apparatus for providing notification
US6904534B2 (en) 2001-09-29 2005-06-07 Hewlett-Packard Development Company, L.P. Progressive CPU sleep state duty cycle to limit peak power of multiple computers on shared power distribution unit
US20050172181A1 (en) 2004-01-16 2005-08-04 Mellanox Technologies Ltd. System and method for production testing of high speed communications receivers
US20050219314A1 (en) 2004-03-30 2005-10-06 David Donovan Formation of images
US20050219278A1 (en) 2004-03-30 2005-10-06 Hudson Kevin R Image formation with a flexible number of passes
US20050231751A1 (en) 2004-04-15 2005-10-20 Yifeng Wu Image processing system and method
US20050246552A1 (en) * 2004-04-29 2005-11-03 International Business Machines Corporation Method and system for virtualization of trusted platform modules
US6978331B1 (en) 1999-09-08 2005-12-20 Mellanox Technologies Ltd. Synchronization of interrupts with data packets
US20060026443A1 (en) 2004-07-29 2006-02-02 Mcmahan Larry N Communication among partitioned devices
US20060045098A1 (en) 2004-08-31 2006-03-02 Krause Michael R System for port mapping in a network
US20060126619A1 (en) 2004-12-14 2006-06-15 Teisberg Robert R Aggregation over multiple processing nodes of network resources each providing offloaded connections between applications over a network
US20060165074A1 (en) 2004-12-14 2006-07-27 Prashant Modi Aggregation of network resources providing offloaded connections between applications over a network
US20060168153A1 (en) * 2004-11-13 2006-07-27 Ben Lin Method of configuring wireless device
US7099275B2 (en) 2001-09-21 2006-08-29 Slt Logic Llc Programmable multi-service queue scheduler
US20060193318A1 (en) 2005-02-28 2006-08-31 Sriram Narasimhan Method and apparatus for processing inbound and outbound quanta of data
US7103626B1 (en) 2000-05-24 2006-09-05 Hewlett-Packard Development, L.P. Partitioning in distributed computer system
US20060228637A1 (en) 2005-04-11 2006-10-12 Jackson Bruce J Color filter
US20060248191A1 (en) 2005-04-27 2006-11-02 Hudson Charles L Aggregation of hybrid network resources operable to support both offloaded and non-offloaded connections
US7136397B2 (en) 2001-08-20 2006-11-14 Slt Logic Llc Network architecture and system for delivering bi-directional xDSL based services
US7143412B2 (en) 2002-07-25 2006-11-28 Hewlett-Packard Development Company, L.P. Method and apparatus for optimizing performance in a multi-processing system
US7149227B2 (en) 2002-05-31 2006-12-12 Mellanox Technologies Ltd. Round-robin arbiter with low jitter
US7151744B2 (en) 2001-09-21 2006-12-19 Slt Logic Llc Multi-service queuing method and apparatus that provides exhaustive arbitration, load balancing, and support for rapid port failover
US7216225B2 (en) 2000-05-24 2007-05-08 Voltaire Ltd. Filtered application-to-application communication
US7240350B1 (en) 2002-01-07 2007-07-03 Slt Logic, Llc System and method for providing communications to processes
US7245627B2 (en) 2002-04-23 2007-07-17 Mellanox Technologies Ltd. Sharing a network interface card among multiple hosts
US7254237B1 (en) 2001-01-12 2007-08-07 Slt Logic, Llc System and method for establishing a secure connection
US20070188351A1 (en) 2005-12-16 2007-08-16 Andrew Brown Hardware enablement using an interface
US20070220183A1 (en) 2002-07-23 2007-09-20 Mellanox Technologies Ltd. Receive Queue Descriptor Pool
US7285996B2 (en) 2005-09-30 2007-10-23 Slt Logic, Llc Delay-locked loop
US7316017B1 (en) 2003-01-06 2008-01-01 Slt Logic, Llc System and method for allocatiing communications to processors and rescheduling processes in a multiprocessor system
US20080024586A1 (en) 2006-07-31 2008-01-31 Rodolfo Jodra Barron System and method for calibrating a beam array of a printer
US7346702B2 (en) 2000-08-24 2008-03-18 Voltaire Ltd. System and method for highly scalable high-speed content-based filtering and load balancing in interconnected fabrics
US20080109526A1 (en) 2006-11-06 2008-05-08 Viswanath Subramanian Rdma data to responder node coherency domain
US20080115216A1 (en) 2006-10-31 2008-05-15 Hewlett-Packard Development Company, L.P. Method and apparatus for removing homogeneity from execution environment of computing system
US20080115217A1 (en) 2006-10-31 2008-05-15 Hewlett-Packard Development Company, L.P. Method and apparatus for protection of a computer system from malicious code attacks
US20080126509A1 (en) 2006-11-06 2008-05-29 Viswanath Subramanian Rdma qp simplex switchless connection
US7386619B1 (en) 2003-01-06 2008-06-10 Slt Logic, Llc System and method for allocating communications to processors in a multiprocessor system
US20080135774A1 (en) 2006-12-08 2008-06-12 Asml Netherlands B.V. Scatterometer, a lithographic apparatus and a focus analysis method
US20080148400A1 (en) 2006-10-31 2008-06-19 Hewlett-Packard Development Company, L.P. Method and apparatus for enforcement of software licence protection
US20080147828A1 (en) 2006-12-18 2008-06-19 Enstone Mark R Distributed Configuration Of Network Interface Cards
US20080148395A1 (en) * 2006-10-24 2008-06-19 Chris Brock System and method for securing settings of a computing device
US20080177890A1 (en) 1999-05-24 2008-07-24 Krause Michael R Reliable datagram via independent source destination resources
US20080209532A1 (en) * 2005-05-27 2008-08-28 Huawei Technologies Co., Ltd. Method For Implementing Access Domain Security of IP Multimedia Subsystem
US20080244060A1 (en) 2007-03-30 2008-10-02 Cripe Daniel N Electronic device profile migration
WO2008127672A2 (fr) 2007-04-11 2008-10-23 Slt Logic Llc Broche modulaire destinée à assurer une fonctionnalité mécanique, électrique et environnementale adaptable dans l'entreprise à l'aide de cartes tca avancées
US20080304519A1 (en) 2007-06-06 2008-12-11 Hewlett-Packard Development Company, L.P. Method for ethernet power savings on link aggregated groups
US20090007228A1 (en) * 2004-11-18 2009-01-01 Fortinet, Inc. Managing hierarchically organized subscriber profiles
US7518164B2 (en) 2006-03-29 2009-04-14 Mellanox Technologies Ltd. Current-triggered low turn-on voltage SCR
US20090158048A1 (en) * 2007-12-14 2009-06-18 Electronics And Telecommunications Research Institute Method, client and system for reversed access to management server using one-time password
US20090165003A1 (en) 2007-12-21 2009-06-25 Van Jacobson System and method for allocating communications to processors and rescheduling processes in a multiprocessor system
US7573967B2 (en) 2005-07-01 2009-08-11 Slt Logic Llc Input threshold adjustment in a synchronous data sampling circuit
US20090201926A1 (en) 2006-08-30 2009-08-13 Mellanox Technologies Ltd Fibre channel processing by a host channel adapter
US7580495B2 (en) 2005-06-30 2009-08-25 Slt Logic Llc Mixer-based phase control
US20090213856A1 (en) 2001-05-04 2009-08-27 Slt Logic Llc System and Method for Providing Transformation of Multi-Protocol Packets in a Data Stream
US20090268612A1 (en) 2008-04-29 2009-10-29 Google Inc. Method and apparatus for a network queuing engine and congestion management gateway
WO2009134219A1 (fr) 2008-04-28 2009-11-05 Hewlett-Packard Development Company, L.P. Débits de transmission de serveur réglables sur des connexions de fond de panier à vitesse fixe à l'intérieur d'une enceinte comprenant plusieurs serveurs
WO2009136933A1 (fr) 2008-05-08 2009-11-12 Hewlett-Packard Development Company, L.P. Procédé pour assurer l'interface entre un réseau fibre channel et un réseau basé sur ethernet
US20090287936A1 (en) * 2008-05-15 2009-11-19 International Business Machines Corporation Managing passwords used when detecting information on configuration items disposed on a network
US20090300434A1 (en) * 2008-06-03 2009-12-03 Gollub Marc A Clearing Interrupts Raised While Performing Operating System Critical Tasks
US7631106B2 (en) 2002-08-15 2009-12-08 Mellanox Technologies Ltd. Prefetching of receive queue descriptors
US20090302923A1 (en) 2006-05-08 2009-12-10 Mellanox Technologies Ltd. Terminated input buffer with offset cancellation circuit
US7653754B2 (en) 2004-01-05 2010-01-26 Mellanox Technologies Ltd. Method, system and protocol that enable unrestricted user-level access to a network interface adapter
US7657659B1 (en) * 2006-11-30 2010-02-02 Vmware, Inc. Partial copying of data to transmit buffer for virtual network device
WO2010020907A2 (fr) 2008-08-21 2010-02-25 Voltaire Ltd. Dispositif, système et procédé de distribution de messages
US7688853B2 (en) 2001-05-04 2010-03-30 Slt Logic, Llc System and method for hierarchical policing of flows and subflows of a data stream
US20100088437A1 (en) 2008-10-06 2010-04-08 Mellanox Technologies Ltd Infiniband adaptive congestion control adaptive marking rate
US20100138298A1 (en) * 2008-04-02 2010-06-03 William Fitzgerald System for advertising integration with auxiliary interface
US20100138840A1 (en) 2005-08-23 2010-06-03 Mellanox Technologies Ltd. System and method for accelerating input/output access operation on a virtual machine
US20100169507A1 (en) * 2008-12-30 2010-07-01 Ravi Sahita Apparatus and method for managing subscription requests for a network interface component
US20100169880A1 (en) 2008-12-25 2010-07-01 Voltaire Ltd. Virtual input-output connections for machine virtualization
US20100188140A1 (en) 2006-04-07 2010-07-29 Mellanox Technologies Ltd. Accurate Global Reference Voltage Distribution System With Local Reference Voltages Referred To Local Ground And Locally Supplied Voltage
US20100189206A1 (en) 2009-01-28 2010-07-29 Mellanox Technologies Ltd Precise Clock Synchronization
WO2010087826A1 (fr) 2009-01-29 2010-08-05 Hewlett-Packard Development Company, L.P. Connexion de ports d'un ou plusieurs dispositifs électroniques à différents sous-ensembles de réseaux sur la base de différents modes de fonctionnement
US7802071B2 (en) 2007-07-16 2010-09-21 Voltaire Ltd. Device, system, and method of publishing information to multiple subscribers
US7801027B2 (en) 2006-08-30 2010-09-21 Mellanox Technologies Ltd. Auto-negotiation by nodes on an infiniband fabric
US7813460B2 (en) 2005-09-30 2010-10-12 Slt Logic, Llc High-speed data sampler with input threshold adjustment
US20100265849A1 (en) 2009-04-21 2010-10-21 Voltaire Ltd Spanning tree root selection in a hierarchical network
US20100274876A1 (en) 2009-04-28 2010-10-28 Mellanox Technologies Ltd Network interface device with memory management capabilities
US7827442B2 (en) 2006-01-23 2010-11-02 Slt Logic Llc Shelf management controller with hardware/software implemented dual redundant configuration
US7835375B2 (en) 2001-05-04 2010-11-16 Slt Logic, Llc Method and apparatus for providing multi-protocol, multi-stage, real-time frame classification
US20100306540A1 (en) * 2008-02-13 2010-12-02 Panasonic Corporation Encryption processing method and encryption processing device
US7848322B2 (en) 2007-03-26 2010-12-07 Voltaire Ltd. Device, system and method of UDP communication
US20100318800A1 (en) * 2009-06-11 2010-12-16 Microsoft Corporation Key management in secure network enclaves
US7864787B2 (en) 2007-03-26 2011-01-04 Voltaire Ltd. Device, system and method of multicast communication
US20110004457A1 (en) 2006-08-07 2011-01-06 Voltaire Ltd. Service-oriented infrastructure management
US20110010557A1 (en) 2009-07-07 2011-01-13 Mellanox Technologies Ltd Control message signature for device control
US20110022695A1 (en) * 2009-07-27 2011-01-27 Vmware, Inc. Management and Implementation of Enclosed Local Networks in a Virtual Lab
US20110029847A1 (en) 2009-07-30 2011-02-03 Mellanox Technologies Ltd Processing of data integrity field
US20110058571A1 (en) 2009-09-09 2011-03-10 Mellanox Technologies Ltd. Data switch with shared port buffers
US7921178B2 (en) 2008-12-04 2011-04-05 Voltaire Ltd. Device, system, and method of accessing storage
US20110083064A1 (en) 2009-10-04 2011-04-07 Mellanox Technologies Ltd Processing of block and transaction signatures
WO2011043769A1 (fr) 2009-10-07 2011-04-14 Hewlett-Packard Development Company, L.P. Mise en antémémoire de point d'extrémité par une mémoire hôte à partir d'un protocole de notification
US7930437B2 (en) 2001-04-11 2011-04-19 Mellanox Technologies Ltd. Network adapter with shared database for message context information
US7929539B2 (en) 2001-04-11 2011-04-19 Mellanox Technologies Ltd. Multiple queue pair access with a single doorbell
US20110096668A1 (en) 2009-10-26 2011-04-28 Mellanox Technologies Ltd. High-performance adaptive routing
US7934959B2 (en) 2009-10-06 2011-05-03 Mellanox Technologies Ltd. Adapter for pluggable module
WO2011053305A1 (fr) 2009-10-30 2011-05-05 Hewlett-Packard Development Co Barre bus thermique pour un réceptacle de pales
WO2011053330A1 (fr) 2009-11-02 2011-05-05 Hewlett-Packard Development Company, L.P. Calcul multitraitements avec commutation incorporée répartie
US20110113083A1 (en) 2009-11-11 2011-05-12 Voltaire Ltd Topology-Aware Fabric-Based Offloading of Collective Functions
US20110119673A1 (en) 2009-11-15 2011-05-19 Mellanox Technologies Ltd. Cross-channel network operation offloading for collective operations
US20110116512A1 (en) 2009-11-19 2011-05-19 Mellanox Technologies Ltd Dynamically-Connected Transport Service
US7978606B2 (en) 2001-05-04 2011-07-12 Slt Logic, Llc System and method for policing multiple data flows and multi-protocol data flows
US20110173352A1 (en) 2010-01-13 2011-07-14 Mellanox Technologies Ltd Power Reduction on Idle Communication Lanes

Patent Citations (175)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5325532A (en) 1992-09-25 1994-06-28 Compaq Computer Corporation Automatic development of operating system boot image
US5272599A (en) 1993-03-19 1993-12-21 Compaq Computer Corporation Microprocessor heat dissipation apparatus for a printed circuit board
EP0620521A2 (fr) 1993-04-16 1994-10-19 Hewlett-Packard Company Méthode de composition dynamique de fenêtres de diologue
US6098112A (en) 1995-10-19 2000-08-01 Hewlett-Packard Company Streams function registering
US6157721A (en) 1996-08-12 2000-12-05 Intertrust Technologies Corp. Systems and methods using cryptography to protect secure computing environments
US5946189A (en) 1997-04-23 1999-08-31 Compaq Computer Corporation Pivotable support and heat sink apparatus removably connectable without tools to a computer processor
US6160554A (en) 1998-03-19 2000-12-12 Hewlett Packard Company Computer file content preview window
US20030214677A1 (en) 1998-03-26 2003-11-20 Ranjit Bhaskar Tone dependent variable halftoning wih adjustable algorithm selection
US6530007B2 (en) 1998-07-13 2003-03-04 Compaq Information Technologies Group, L.P. Method and apparatus for supporting heterogeneous memory in computer systems
US6768996B1 (en) 1998-10-08 2004-07-27 Hewlett-Packard Development Company, L.P. System and method for retrieving an abstracted portion of a file without regard to the operating system of the current host computer
US20030191786A1 (en) 1999-02-01 2003-10-09 Matson Mark D. Computer method and apparatus for division and square root operations using signed digit
US20020156784A1 (en) 1999-04-08 2002-10-24 Hanes David H. Method for transferring and indexing data from old media to new media
US7509355B2 (en) 1999-04-08 2009-03-24 Hewlett-Packard Development Company, L.P. Method for transferring and indexing data from old media to new media
US6502203B2 (en) 1999-04-16 2002-12-31 Compaq Information Technologies Group, L.P. Method and apparatus for cluster system operation
US6304945B1 (en) 1999-05-13 2001-10-16 Compaq Computer Corporation Method and apparatus for maintaining cache coherency in a computer system having multiple processor buses
US20080177890A1 (en) 1999-05-24 2008-07-24 Krause Michael R Reliable datagram via independent source destination resources
US7904576B2 (en) 1999-05-24 2011-03-08 Hewlett-Packard Development Company, L.P. Reliable datagram via independent source destination resources
US6978331B1 (en) 1999-09-08 2005-12-20 Mellanox Technologies Ltd. Synchronization of interrupts with data packets
WO2001048972A1 (fr) 1999-12-28 2001-07-05 Mellanox Technologies Ltd. Échantillonnage adaptatif
US20030055900A1 (en) * 2000-02-02 2003-03-20 Siemens Aktiengesellschaft Network and associated network subscriber having message route management between a microprocessor interface and ports of the network subscriber
US7216225B2 (en) 2000-05-24 2007-05-08 Voltaire Ltd. Filtered application-to-application communication
US7103626B1 (en) 2000-05-24 2006-09-05 Hewlett-Packard Development, L.P. Partitioning in distributed computer system
US6735642B2 (en) 2000-06-02 2004-05-11 Mellanox Technologies Ltd. DMA doorbell
US20040071250A1 (en) 2000-06-20 2004-04-15 Bunton William P. High-speed interconnection adapter having automated lane de-skew
US7346702B2 (en) 2000-08-24 2008-03-18 Voltaire Ltd. System and method for highly scalable high-speed content-based filtering and load balancing in interconnected fabrics
US20040190538A1 (en) 2000-09-08 2004-09-30 Hewlett-Packard Development Company, L.P. Speculative transmit for system area network latency reduction
US20020059052A1 (en) 2000-09-12 2002-05-16 Mellanox Technologies Ltd. Co-simulation of network components
US6349035B1 (en) 2000-09-29 2002-02-19 Compaq Information Technologies Group, L.P. Method and apparatus for tooless mating of liquid cooled cold plate with tapered interposer heat sink
WO2002030130A1 (fr) 2000-10-03 2002-04-11 Sony Electronics Inc. Recepteur de radiodiffusion de faible puissance
US6718392B1 (en) 2000-10-24 2004-04-06 Hewlett-Packard Development Company, L.P. Queue pair partitioning in distributed computer system
WO2002035838A1 (fr) 2000-10-28 2002-05-02 Voltaire Limited Ensemble boitier decodeur modulaire
US6728743B2 (en) 2001-01-04 2004-04-27 Mellanox Technologies Ltd. Modulo remainder generator
US7254237B1 (en) 2001-01-12 2007-08-07 Slt Logic, Llc System and method for establishing a secure connection
US20020112139A1 (en) 2001-02-13 2002-08-15 Krause Michael R. Highly available, monotonic increasing sequence number generation
US6950961B2 (en) 2001-02-13 2005-09-27 Hewlett-Packard Development Company, L.P. Highly available, monotonic increasing sequence number generation
US20020129293A1 (en) 2001-03-07 2002-09-12 Hutton John F. Scan based multiple ring oscillator structure for on-chip speed measurement
US20020140985A1 (en) 2001-04-02 2002-10-03 Hudson Kevin R. Color calibration for clustered printing
US7929539B2 (en) 2001-04-11 2011-04-19 Mellanox Technologies Ltd. Multiple queue pair access with a single doorbell
US7930437B2 (en) 2001-04-11 2011-04-19 Mellanox Technologies Ltd. Network adapter with shared database for message context information
US7835375B2 (en) 2001-05-04 2010-11-16 Slt Logic, Llc Method and apparatus for providing multi-protocol, multi-stage, real-time frame classification
US7688853B2 (en) 2001-05-04 2010-03-30 Slt Logic, Llc System and method for hierarchical policing of flows and subflows of a data stream
US20090213856A1 (en) 2001-05-04 2009-08-27 Slt Logic Llc System and Method for Providing Transformation of Multi-Protocol Packets in a Data Stream
US7978606B2 (en) 2001-05-04 2011-07-12 Slt Logic, Llc System and method for policing multiple data flows and multi-protocol data flows
US6438130B1 (en) 2001-06-28 2002-08-20 Mellanox Technologies Ltd. Forwarding database cache
US20030007165A1 (en) 2001-07-05 2003-01-09 Hudson Kevin R. Direction-dependent color conversion in bidirectional printing
US7136397B2 (en) 2001-08-20 2006-11-14 Slt Logic Llc Network architecture and system for delivering bi-directional xDSL based services
US7099275B2 (en) 2001-09-21 2006-08-29 Slt Logic Llc Programmable multi-service queue scheduler
US7151744B2 (en) 2001-09-21 2006-12-19 Slt Logic Llc Multi-service queuing method and apparatus that provides exhaustive arbitration, load balancing, and support for rapid port failover
US20030058459A1 (en) 2001-09-26 2003-03-27 Yifeng Wu Generalized color calibration architecture and method
US6904534B2 (en) 2001-09-29 2005-06-07 Hewlett-Packard Development Company, L.P. Progressive CPU sleep state duty cycle to limit peak power of multiple computers on shared power distribution unit
US20030063299A1 (en) 2001-10-02 2003-04-03 Cowan Philip B. Color calibration method and apparatus
US20030065856A1 (en) 2001-10-03 2003-04-03 Mellanox Technologies Ltd. Network adapter with multiple event queues
US20030081060A1 (en) 2001-10-29 2003-05-01 Huanzhao Zeng Method and system for management of color through conversion between color spaces
US7240350B1 (en) 2002-01-07 2007-07-03 Slt Logic, Llc System and method for providing communications to processes
US20030172330A1 (en) 2002-03-11 2003-09-11 Barron Dwight L. Data redundancy in a hot pluggable, large symmetric multi-processor system
US7093158B2 (en) 2002-03-11 2006-08-15 Hewlett-Packard Development Company, L.P. Data redundancy in a hot pluggable, large symmetric multi-processor system
US7245627B2 (en) 2002-04-23 2007-07-17 Mellanox Technologies Ltd. Sharing a network interface card among multiple hosts
US20030202043A1 (en) 2002-04-24 2003-10-30 Huanzhao Zeng Determination of control points for construction of first color space-to-second color space look-up table
US6667918B2 (en) 2002-05-01 2003-12-23 Mellanox Technologies Ltd. Self-repair of embedded memory arrays
US7149227B2 (en) 2002-05-31 2006-12-12 Mellanox Technologies Ltd. Round-robin arbiter with low jitter
US20070220183A1 (en) 2002-07-23 2007-09-20 Mellanox Technologies Ltd. Receive Queue Descriptor Pool
US7143412B2 (en) 2002-07-25 2006-11-28 Hewlett-Packard Development Company, L.P. Method and apparatus for optimizing performance in a multi-processing system
US20040034603A1 (en) 2002-08-14 2004-02-19 Hastings Mark Alan Transferable meter licenses using smartcard technology
US7631106B2 (en) 2002-08-15 2009-12-08 Mellanox Technologies Ltd. Prefetching of receive queue descriptors
US7316017B1 (en) 2003-01-06 2008-01-01 Slt Logic, Llc System and method for allocatiing communications to processors and rescheduling processes in a multiprocessor system
US20080301406A1 (en) 2003-01-06 2008-12-04 Van Jacobson System and method for allocating communications to processors in a multiprocessor system
US7386619B1 (en) 2003-01-06 2008-06-10 Slt Logic, Llc System and method for allocating communications to processors in a multiprocessor system
US20040141642A1 (en) 2003-01-22 2004-07-22 Huanzhao Zeng Color space conversion using interpolation
US20040193734A1 (en) 2003-03-27 2004-09-30 Barron Dwight L. Atomic operations
US20040190557A1 (en) 2003-03-27 2004-09-30 Barron Dwight L. Signaling packet
US7103744B2 (en) 2003-03-27 2006-09-05 Hewlett-Packard Development Company, L.P. Binding a memory window to a queue pair
US20040190533A1 (en) 2003-03-27 2004-09-30 Prashant Modi Method and apparatus for performing connection management with multiple stacks
US20040193825A1 (en) 2003-03-27 2004-09-30 Garcia David J. Binding a memory window to a queue pair
US7554993B2 (en) 2003-03-27 2009-06-30 Hewlett-Packard Development Company, L.P. Method and apparatus for performing connection management with multiple stacks
US7502826B2 (en) 2003-03-27 2009-03-10 Hewlett-Packard Development Company, L.P. Atomic operations
US20040210754A1 (en) 2003-04-16 2004-10-21 Barron Dwight L. Shared security transform device, system and methods
US20040252685A1 (en) 2003-06-13 2004-12-16 Mellanox Technologies Ltd. Channel adapter with integrated switch
US20050021968A1 (en) 2003-06-25 2005-01-27 Zimmer Vincent J. Method for performing a trusted firmware/bios update
US20050008223A1 (en) 2003-07-09 2005-01-13 Huanzhao Zeng Representing extended color gamut information
US20050018221A1 (en) 2003-07-21 2005-01-27 Huanzhao Zeng Conforming output intensities of pens
US20050039187A1 (en) 2003-08-12 2005-02-17 Avakian Arra E. Instrumenting java code by modifying bytecodes
US20050039171A1 (en) 2003-08-12 2005-02-17 Avakian Arra E. Using interceptors and out-of-band data to monitor the performance of Java 2 enterprise edition (J2EE) applications
US20050039172A1 (en) 2003-08-12 2005-02-17 Jeffrey Rees Synthesizing application response measurement (ARM) instrumentation
US7757232B2 (en) 2003-08-14 2010-07-13 Hewlett-Packard Development Company, L.P. Method and apparatus for implementing work request lists
US20050038941A1 (en) 2003-08-14 2005-02-17 Mallikarjun Chadalapaka Method and apparatus for accessing a memory
US7617376B2 (en) 2003-08-14 2009-11-10 Hewlett-Packard Development Company, L.P. Method and apparatus for accessing a memory
US20050038918A1 (en) 2003-08-14 2005-02-17 Hilland Jeffrey R. Method and apparatus for implementing work request lists
US7404190B2 (en) 2003-09-18 2008-07-22 Hewlett-Packard Development Company, L.P. Method and apparatus for providing notification via multiple completion queue handlers
US20050066333A1 (en) 2003-09-18 2005-03-24 Krause Michael R. Method and apparatus for providing notification
US7653754B2 (en) 2004-01-05 2010-01-26 Mellanox Technologies Ltd. Method, system and protocol that enable unrestricted user-level access to a network interface adapter
US20050172181A1 (en) 2004-01-16 2005-08-04 Mellanox Technologies Ltd. System and method for production testing of high speed communications receivers
US20050219314A1 (en) 2004-03-30 2005-10-06 David Donovan Formation of images
US20050219278A1 (en) 2004-03-30 2005-10-06 Hudson Kevin R Image formation with a flexible number of passes
US20050231751A1 (en) 2004-04-15 2005-10-20 Yifeng Wu Image processing system and method
US20050246552A1 (en) * 2004-04-29 2005-11-03 International Business Machines Corporation Method and system for virtualization of trusted platform modules
US7650386B2 (en) 2004-07-29 2010-01-19 Hewlett-Packard Development Company, L.P. Communication among partitioned devices
US20060026443A1 (en) 2004-07-29 2006-02-02 Mcmahan Larry N Communication among partitioned devices
US20060045098A1 (en) 2004-08-31 2006-03-02 Krause Michael R System for port mapping in a network
US20060168153A1 (en) * 2004-11-13 2006-07-27 Ben Lin Method of configuring wireless device
US20090007228A1 (en) * 2004-11-18 2009-01-01 Fortinet, Inc. Managing hierarchically organized subscriber profiles
US7403535B2 (en) 2004-12-14 2008-07-22 Hewlett-Packard Development Company, L.P. Aggregation of network resources providing offloaded connections between applications over a network
US7551614B2 (en) 2004-12-14 2009-06-23 Hewlett-Packard Development Company, L.P. Aggregation over multiple processing nodes of network resources each providing offloaded connections between applications over a network
US20060165074A1 (en) 2004-12-14 2006-07-27 Prashant Modi Aggregation of network resources providing offloaded connections between applications over a network
US20060126619A1 (en) 2004-12-14 2006-06-15 Teisberg Robert R Aggregation over multiple processing nodes of network resources each providing offloaded connections between applications over a network
US20060193318A1 (en) 2005-02-28 2006-08-31 Sriram Narasimhan Method and apparatus for processing inbound and outbound quanta of data
US20060228637A1 (en) 2005-04-11 2006-10-12 Jackson Bruce J Color filter
US20060248191A1 (en) 2005-04-27 2006-11-02 Hudson Charles L Aggregation of hybrid network resources operable to support both offloaded and non-offloaded connections
US7580415B2 (en) 2005-04-27 2009-08-25 Hewlett-Packard Development Company, L.P. Aggregation of hybrid network resources operable to support both offloaded and non-offloaded connections
US20080209532A1 (en) * 2005-05-27 2008-08-28 Huawei Technologies Co., Ltd. Method For Implementing Access Domain Security of IP Multimedia Subsystem
US7580495B2 (en) 2005-06-30 2009-08-25 Slt Logic Llc Mixer-based phase control
US7573967B2 (en) 2005-07-01 2009-08-11 Slt Logic Llc Input threshold adjustment in a synchronous data sampling circuit
US20100138840A1 (en) 2005-08-23 2010-06-03 Mellanox Technologies Ltd. System and method for accelerating input/output access operation on a virtual machine
US7285996B2 (en) 2005-09-30 2007-10-23 Slt Logic, Llc Delay-locked loop
US7813460B2 (en) 2005-09-30 2010-10-12 Slt Logic, Llc High-speed data sampler with input threshold adjustment
US20070188351A1 (en) 2005-12-16 2007-08-16 Andrew Brown Hardware enablement using an interface
US7827442B2 (en) 2006-01-23 2010-11-02 Slt Logic Llc Shelf management controller with hardware/software implemented dual redundant configuration
US7518164B2 (en) 2006-03-29 2009-04-14 Mellanox Technologies Ltd. Current-triggered low turn-on voltage SCR
US20100188140A1 (en) 2006-04-07 2010-07-29 Mellanox Technologies Ltd. Accurate Global Reference Voltage Distribution System With Local Reference Voltages Referred To Local Ground And Locally Supplied Voltage
US20090302923A1 (en) 2006-05-08 2009-12-10 Mellanox Technologies Ltd. Terminated input buffer with offset cancellation circuit
US20080024586A1 (en) 2006-07-31 2008-01-31 Rodolfo Jodra Barron System and method for calibrating a beam array of a printer
US20110004457A1 (en) 2006-08-07 2011-01-06 Voltaire Ltd. Service-oriented infrastructure management
US20090201926A1 (en) 2006-08-30 2009-08-13 Mellanox Technologies Ltd Fibre channel processing by a host channel adapter
US7801027B2 (en) 2006-08-30 2010-09-21 Mellanox Technologies Ltd. Auto-negotiation by nodes on an infiniband fabric
US20080148395A1 (en) * 2006-10-24 2008-06-19 Chris Brock System and method for securing settings of a computing device
US20080115217A1 (en) 2006-10-31 2008-05-15 Hewlett-Packard Development Company, L.P. Method and apparatus for protection of a computer system from malicious code attacks
US20080148400A1 (en) 2006-10-31 2008-06-19 Hewlett-Packard Development Company, L.P. Method and apparatus for enforcement of software licence protection
US20080115216A1 (en) 2006-10-31 2008-05-15 Hewlett-Packard Development Company, L.P. Method and apparatus for removing homogeneity from execution environment of computing system
US20080126509A1 (en) 2006-11-06 2008-05-29 Viswanath Subramanian Rdma qp simplex switchless connection
US20080109526A1 (en) 2006-11-06 2008-05-08 Viswanath Subramanian Rdma data to responder node coherency domain
US7657659B1 (en) * 2006-11-30 2010-02-02 Vmware, Inc. Partial copying of data to transmit buffer for virtual network device
US20080135774A1 (en) 2006-12-08 2008-06-12 Asml Netherlands B.V. Scatterometer, a lithographic apparatus and a focus analysis method
US20080147828A1 (en) 2006-12-18 2008-06-19 Enstone Mark R Distributed Configuration Of Network Interface Cards
US7848322B2 (en) 2007-03-26 2010-12-07 Voltaire Ltd. Device, system and method of UDP communication
US7864787B2 (en) 2007-03-26 2011-01-04 Voltaire Ltd. Device, system and method of multicast communication
US7856488B2 (en) 2007-03-30 2010-12-21 Hewlett-Packard Development Company, L.P. Electronic device profile migration
US20080244060A1 (en) 2007-03-30 2008-10-02 Cripe Daniel N Electronic device profile migration
WO2008127672A2 (fr) 2007-04-11 2008-10-23 Slt Logic Llc Broche modulaire destinée à assurer une fonctionnalité mécanique, électrique et environnementale adaptable dans l'entreprise à l'aide de cartes tca avancées
US20080304519A1 (en) 2007-06-06 2008-12-11 Hewlett-Packard Development Company, L.P. Method for ethernet power savings on link aggregated groups
US7802071B2 (en) 2007-07-16 2010-09-21 Voltaire Ltd. Device, system, and method of publishing information to multiple subscribers
US20090158048A1 (en) * 2007-12-14 2009-06-18 Electronics And Telecommunications Research Institute Method, client and system for reversed access to management server using one-time password
US20090165003A1 (en) 2007-12-21 2009-06-25 Van Jacobson System and method for allocating communications to processors and rescheduling processes in a multiprocessor system
US20100306540A1 (en) * 2008-02-13 2010-12-02 Panasonic Corporation Encryption processing method and encryption processing device
US20100138298A1 (en) * 2008-04-02 2010-06-03 William Fitzgerald System for advertising integration with auxiliary interface
US20110029669A1 (en) 2008-04-28 2011-02-03 Mike Chuang Adjustable Server-Transmission Rates Over Fixed-Speed Backplane Connections Within A Multi-Server Enclosure
WO2009134219A1 (fr) 2008-04-28 2009-11-05 Hewlett-Packard Development Company, L.P. Débits de transmission de serveur réglables sur des connexions de fond de panier à vitesse fixe à l'intérieur d'une enceinte comprenant plusieurs serveurs
US20090268612A1 (en) 2008-04-29 2009-10-29 Google Inc. Method and apparatus for a network queuing engine and congestion management gateway
WO2009136933A1 (fr) 2008-05-08 2009-11-12 Hewlett-Packard Development Company, L.P. Procédé pour assurer l'interface entre un réseau fibre channel et un réseau basé sur ethernet
US20110044344A1 (en) 2008-05-08 2011-02-24 Hudson Charles L A method for interfacing a fibre channel network with an ethernet based network
US20090287936A1 (en) * 2008-05-15 2009-11-19 International Business Machines Corporation Managing passwords used when detecting information on configuration items disposed on a network
US20090300434A1 (en) * 2008-06-03 2009-12-03 Gollub Marc A Clearing Interrupts Raised While Performing Operating System Critical Tasks
WO2010020907A2 (fr) 2008-08-21 2010-02-25 Voltaire Ltd. Dispositif, système et procédé de distribution de messages
US20100088437A1 (en) 2008-10-06 2010-04-08 Mellanox Technologies Ltd Infiniband adaptive congestion control adaptive marking rate
US7921178B2 (en) 2008-12-04 2011-04-05 Voltaire Ltd. Device, system, and method of accessing storage
US20100169880A1 (en) 2008-12-25 2010-07-01 Voltaire Ltd. Virtual input-output connections for machine virtualization
US20100169507A1 (en) * 2008-12-30 2010-07-01 Ravi Sahita Apparatus and method for managing subscription requests for a network interface component
US20100189206A1 (en) 2009-01-28 2010-07-29 Mellanox Technologies Ltd Precise Clock Synchronization
WO2010087826A1 (fr) 2009-01-29 2010-08-05 Hewlett-Packard Development Company, L.P. Connexion de ports d'un ou plusieurs dispositifs électroniques à différents sous-ensembles de réseaux sur la base de différents modes de fonctionnement
US20100265849A1 (en) 2009-04-21 2010-10-21 Voltaire Ltd Spanning tree root selection in a hierarchical network
US8000336B2 (en) 2009-04-21 2011-08-16 Voltaire Ltd. Spanning tree root selection in a hierarchical network
US20100274876A1 (en) 2009-04-28 2010-10-28 Mellanox Technologies Ltd Network interface device with memory management capabilities
US20100318800A1 (en) * 2009-06-11 2010-12-16 Microsoft Corporation Key management in secure network enclaves
US20110010557A1 (en) 2009-07-07 2011-01-13 Mellanox Technologies Ltd Control message signature for device control
US20110022695A1 (en) * 2009-07-27 2011-01-27 Vmware, Inc. Management and Implementation of Enclosed Local Networks in a Virtual Lab
US20110029847A1 (en) 2009-07-30 2011-02-03 Mellanox Technologies Ltd Processing of data integrity field
US20110058571A1 (en) 2009-09-09 2011-03-10 Mellanox Technologies Ltd. Data switch with shared port buffers
US20110083064A1 (en) 2009-10-04 2011-04-07 Mellanox Technologies Ltd Processing of block and transaction signatures
US7934959B2 (en) 2009-10-06 2011-05-03 Mellanox Technologies Ltd. Adapter for pluggable module
WO2011043769A1 (fr) 2009-10-07 2011-04-14 Hewlett-Packard Development Company, L.P. Mise en antémémoire de point d'extrémité par une mémoire hôte à partir d'un protocole de notification
US20110096668A1 (en) 2009-10-26 2011-04-28 Mellanox Technologies Ltd. High-performance adaptive routing
WO2011053305A1 (fr) 2009-10-30 2011-05-05 Hewlett-Packard Development Co Barre bus thermique pour un réceptacle de pales
WO2011053330A1 (fr) 2009-11-02 2011-05-05 Hewlett-Packard Development Company, L.P. Calcul multitraitements avec commutation incorporée répartie
US20110113083A1 (en) 2009-11-11 2011-05-12 Voltaire Ltd Topology-Aware Fabric-Based Offloading of Collective Functions
US20110119673A1 (en) 2009-11-15 2011-05-19 Mellanox Technologies Ltd. Cross-channel network operation offloading for collective operations
US20110116512A1 (en) 2009-11-19 2011-05-19 Mellanox Technologies Ltd Dynamically-Connected Transport Service
US20110173352A1 (en) 2010-01-13 2011-07-14 Mellanox Technologies Ltd Power Reduction on Idle Communication Lanes

Non-Patent Citations (155)

* Cited by examiner, † Cited by third party
Title
A. Edwards, et al.; ACM Computer Communication Review, vol. 24, No. 4, pp. 14-23, Oct. 1994.
A. Edwards, S. Muir; ACM Computer Communication Review, vol. 25, No. 4, Oct. 1995.
A. Romanow and S. Floyd; ACM Computer Communication Review, vol. 24, No. 4, p. 79-88, Oct. 1994.
Aguiar et al. "Embedded systems' virtualization: The next challenge?" Rapid System Prototyping (RSP), 2010 21st IEEE International Symposium on 2010, pp. 1-7. *
Andrew D. Birrell, et al.; Communications of the ACM, vol. 25, Issue 4, pp. 260-274, Apr. 1982.
Andy Currid; ACM Queue, vol. 2, No. 3, 2004, May 1, 2004.
B. Leslie, et al.; J. Comput. Sci. & Technol., vol. 20, Sep. 2005.
Babak Falsafi, et al.; Proceedings of the 1994 conference on Supercomputing, pp. 380-389, Washington D.C., Nov. 14, 1994.
Bilic Hrvoye, et al.; article in Proceedings of the 9th Symposium on High Performance Interconnects, "Deferred Segmentation for Wire-Speed Transmission of Large TCP Frames over Standard GbE Networks," Aug. 22, 2001, 5pp.
Bilic Hrvoye, et al.; presentation slides from 9th Symposium on High Performance Interconnects, "Deferred Segmentation for Wire-Speed Transmission of Large TCP Frames over Standard GbE Networks," Aug. 22, 2001, 9pp.
Boon S. Ang, et al.; Proceedings of the 1998 ACM/IEEE conference on Supercomputing, Orlando, Florida, Nov. 7, 1998.
Bruce Lowekamp, et al.; ACM Computer Communication Review, vol. 31, No. 4, Oct. 2001.
Bruce S. Davie; ACM Computer Communication Review, vol. 21, No. 4, Sep. 1991.
C. A. Thekkath, et al.; ACM Computer Communication Review, vol. 23, No. 4, Oct. 1993.
C. Brendan S. Traw, et al.; ACM Computer Communication Review, vol. 21, No. 4, p. 317-325, Sep. 1991.
C. Kline; ACM Computer Communication Review, vol. 17, No. 5, Aug. 1987.
C. Partridge, J. Hughes, J. Stone; ACM Computer Communication Review, vol. 25, No. 4, p. 68-76, Oct. 1995.
C. Traw and J. Smith; IEEE Journal on Selected Areas in Communications, pp. 240-253, Feb. 1993.
Charles Kalmanek; ACM Computer Communication Review, vol. 32, No. 5, pp. 13-19, Nov. 2002.
Charles P. Thacker and Lawrence C. Stewart; ACM Operating Systems Review, vol. 21, Issue 4, p. 164-172, 1987, Oct. 1997.
Cheng Jin, et al.; Proceedings of IEEE Infocom 2004, pp. 1246-1259, Mar. 7, 2004.
Chi-Chao Chang, et al.; Proceedings of the 1996 ACM/IEEE conference on Supercomputing, Pittsburgh, Nov. 17, 1996.
Chris Maeda, Brian Bershad; ACM Operating Systems Review, vol. 27, Issue 5, p. 244-255, Dec. 1993.
Christopher A. Kent, Jeffrey C. Mogul; ACM Computer Communication Review, vol. 17, No. 5, pp. 390-401, Oct. 1987.
Craig Partridge; ACM Computer Communication Review, vol. 20, No. 1, p. 44-53, Jan. 1990.
D. D. Clark and D. L. Tennenhouse; ACM Computer Communication Review, vol. 20, No. 4, pp. 200-208, Sep. 1990.
D. L. Tennenhouse, D. J. Wetherall; ACM Computer Communication Review, vol. 26, No. 2, pp. 15-20, Apr. 1996.
Danny Cohen, et al.; ACM Computer Communication Review, vol. 23, No. 4, p. 32-44, Jul. 1993.
Danny Cohen, Gregory Finn, Robert Felderman, Annette DeSchon; Journal of High Speed Networks, Jan. 3, 1994.
Danny Cohen, Gregory Finn, Robert Felderman, Annette DeSchon; Made available by authors, Jan. 10, 1992.
David A. Borman; ACM Computer Communication Review, vol. 19, No. 2, p. 11-15, Apr. 1989.
David D. Clark, et al.; IEEE Communications Magazine, vol. 27, No. 6, pp. 23-29, Jun. 1989.
David D. Clark; ACM Computer Communication Review, vol. 18, No. 4, pp. 106-114, Aug. 1988.
David R. Boggs, et al.; ACM Computer Communication Review, vol. 18, No. 4, p. 222-234, Aug. 1988.
David R. Cheriton; ACM Computer Communication Review, vol. 19, No. 4, p. 158-169, Sep. 1989.
David Wetherall; ACM Computer Communication Review, vol. 36, No. 3, pp. 77-78, Jul. 2006.
Derek McAuley, Rolf Neugebauer; Proceedings of the ACM SIGCOMM 2003 Workshops, Aug. 2003.
Derek Robert McAuley; PhD Thesis, University of Cambridge, Sep. 1989.
Dickman, L., "Protocol OffLoading vs OnLoading in High Performance Networks," 14th Symposium on High Performance Interconnects, Aug. 23, 2006, 8pp.
E. Blanton and M. Allman; ACM Computer Communication Review, vol. 32, No. 1, Jan. 2002.
E. Ruetsche; ACM Computer Communication Review, vol. 23, No. 3, Jul. 1993.
Ed Anderson, et al.; Proceedings of the 1997 ACM/IEEE conference on Supercomputing, p. 1-17, San Jose, California, Nov. 16, 1997.
Edward D. Lazowska, David A. Patterson; ACM Computer Communication Review, vol. 35, No. 2, Jul. 2005.
Eric C. Cooper, et al.; ACM Computer Communication Review, vol. 20, No. 4, p. 135-144, Sep. 1990.
Erich Ruetsche and Matthias Kaiserswerth; Proceedings of the IFIP TC6/WG6.4 Fourth International Conference on High Performance Networking IV, Dec. 14, 1992.
Extended European search report mailed Dec. 10, 2010 in EP 10 17 3326.
F.F. Kuo; ACM Computer Communication Review, vol. 4 No. 1, Jan. 1974.
Gary S. Delp, et al.; ACM Computer Communication Review, vol. 18, No. 4, p. 165-174, Aug. 1988.
Gene Tsudik; ACM Computer Communication Review, vol. 22, No. 5, pp. 29-38, Oct. 1992.
Geoffray P., "Protocol off-loading vs on-loading in high-performance networks," 14th Symposium on High Performance Interconnects, Aug. 23, 2006, 5pp.
Gordon E. Moore; Electronics, vol. 38, No. 8, pp. 114-117, 1965, Apr. 19, 1965.
Greg Chesson; Proceedings of the Third International Conference on High Speed Networking, Nov. 1991.
Greg Minshall, et al.; ACM Computer Communication Review, vol. 36, No. 3, pp. 79-92, Jul. 2006.
Greg Regnier, et al.; Computer, IEEE Computer Society, vol. 37, No. 11, pp. 48-58, Nov. 2004.
Greg Regnier, et al.; IEEE Micro, vol. 24, No. 1, p. 24-31, Jan. 1994.
Gregory G. Finn and Paul Mockapetris; Proceedings of InterOp '94, Las Vegas, Nevada, May 1994.
Gregory G. Finn; ACM Computer Communication Review, vol. 21, No. 5, p. 18-29, Oct. 1991.
Gregory L. Chesson; United States District Court, Northern District California, San Francisco Division, Feb. 4, 2005.
H. K. Jerry Chu; Proceedings of the USENIX Annual Technical Conference, Jan. 1996.
H. Kanakia and D. Cheriton; ACM Computer Communication Review, vol. 18, No. 4, p. 175-187, Aug. 1988.
Harvey J. Wassermann, et al.; Proceedings of the 1997 ACM/IEEE conference on Supercomputing, p. 1-11, San Jose, California, Nov. 16, 1997.
Humaira Kamal, et al.; Proceedings of the 2005 ACM/IEEE conference on Supercomputing, Seattle, p. 30, Washington, Nov. 12, 2005.
Ian Leslie and Derek R. McAuley; ACM Computer Communication Review, vol. 21, No. 4, p. 327, Sep. 1991.
Ian M. Leslie, et al.; ACM Computer Communication Review, vol. 14, No. 2, pp. 2-9, Jun. 1984.
Ian Pratt and Keir Fraser; Proceedings of IEEE Infocom 2001, pp. 67-76, Apr. 22, 2001.
J. C. Mogul; ACM Computer Communication Review, vol. 25, No. 4, Oct. 1995.
J. Carver Hill; Communications of the ACM, vol. 16, No. 6, p. 350-351, Jun. 1973.
J. Evans and T. Buller; IEEE TCGN Gigabit Networking Workshop, 2001, Apr. 22, 2001.
J. Vis; ACM Computer Communication Review, vol. 24, No. 1, pp. 7-11, Jan. 1994.
Jack B. Dennis and Earl C. Van Horn; Communications of the ACM, vol. 9, No. 3, pp. 143-155, Mar. 1966.
Jeffrey C. Mogul; Proceedings of HotOS IX: The 9th Workshop on Hot Topics in Operating Systems, pp. 25-30, May 18, 2003.
Jeffrey R. Michel; MSci Thesis, University of Virginia, Aug. 1993.
Jenwei Hsieh, et al.; Proceedings of the 2000 ACM/IEEE conference on Supercomputing, Dallas, Texas, Nov. 4, 2000.
Jiuxing Liu, et al.; Proceedings of the 2003 ACM/IEEE conference on Supercomputing, Phoenix, Arizona, Nov. 15, 2003.
Joe Touch, et al.; "Atomic-2" slides, Gigabit Networking Workshop '97 Meeting, Kobe, Japan, Apr. 1997, 10pp.
Joe Touch, et al.; "Host-based Routing Using Peer DMA," Gigabit Networking Workshop '97 Meeting, Kobe, Japan, Apr. 1997, 2pp.
John M. McQuillan, et al.; Proceedings of the 6th Data Communications Symposium, p. 63, Nov. 1979.
John Nagle; ACM Computer Communication Review, vol. 14, No. 4, p. 11-17, Oct. 1984.
John Salmon, et al.; Proceedings of the 1998 ACM/IEEE conference on Supercomputing, Orlando, Florida, Nov. 7, 1998.
Jon Crowcroft, Derek McAuley; ACM Computer Communication Review, vol. 32, No. 5, Nov. 2002.
Jon Crowcroft; ACM Computer Communication Review, vol. 36, No. 2, pp. 51-52, Apr. 2006.
Jonathan Kay and Joseph Pasquale; ACM Computer Communication Review, vol. 23, No. 4, pp. 259-268, Oct. 1993.
Jonathan M. Smith and C. Brendan S. Traw; IEEE Network, vol. 7, Issue 4, pp. 44-52, Jul. 1993.
Jonathan Smith; ACM Computer Communication Review, vol. 32, No. 5, pp. 29-37, Nov. 2002.
Jonathan Stone, Craig Partridge; ACM Computer Communication Review, vol. 30, No. 4, pp. 309-319, Oct. 2000.
Jose Carlos Sancho, et al.; Proceedings of the 2006 ACM/IEEE conference on Supercomputing, Tampa, Florida, Nov. 11, 2006.
Justin Hurwitz, Wu-chun Feng; Proceedings of the 11th Symposium on High Performance Interconnects, Aug. 20, 2003.
K. Kleinpaste, P. Steenkiste, B. Zill; ACM Computer Communication Review, vol. 25, No. 4, p. 87-98, Oct. 1995.
Ken Calvert; ACM Computer Communication Review, vol. 36, No. 2, pp. 27-30, Apr. 2006.
Kieran Mansley, et al.; Euro-Par Conference 2007, pp. 224-233, Rennes, France, Aug. 28, 2007.
L. S. Brakmo, et al.; ACM Computer Communication Review, vol. 24, No. 4, p. 24-35, Oct. 1994.
M. Allman; ACM Computer Communication Review, vol. 29, No. 3, Jul. 1999.
M. de Vivo, et al.; ACM Computer Communication Review, vol. 29, No. 1, pp. 81-85, Jan. 1999.
M. Kaiserswerth; IEEE/ACM Transactions in Networking vol. 1, Issue 6, pp. 650-663, Dec. 1993.
M.V. Wilkes and R.M. Needham; ACM SIGOPS Operating Systems Review, vol. 14, Issue 1, pp. 21-29, Jan. 1980.
Margaret L. Simmons and Harvey J. Wasserman; Proceedings of the 1988 ACM/IEEE conference on Supercomputing, p. 288-295, Orlando, Florida, Nov. 12, 1988.
Mark David Hayter; PhD Thesis, University of Cambridge, Sep. 1993.
Mark Hayter, Derek McAuley; ACM Operating Systems Review, vol. 25, Issue 4, p. 14-21, Oct. 1991.
Marvin Zelkowitz; Communications of the ACM, vol. 14, No. 6, p. 417-418, Jun. 1971.
Matthias Kaiserswerth; IEEE/ACM Transactions on Networking, vol. 1, No. 6, p. 650-663, Dec. 1993.
Mengjou Lin, et al.; Proceedings of the 1994 conference on Supercomputing, Washington D.C., Nov. 14, 1994.
Michael J. Dixon; University of Cambridge Computer Laboratory Technical Report No. 245, Jan. 1992.
Michael S. Warren, et al.; Proceedings of the 1998 ACM/IEEE conference on Supercomputing, Orlando, Florida, Nov. 7, 1998.
Mogul J., "TCP offload is a dumb idea whose time has come," USENIX Assoc., Proceedings of HotOS IX: The 9th Workshop on Hot Topics in Operating Systems, May 2003, pp. 24-30.
Mohamed, N. "Self-configuring communication middleware model for multiple network interfaces" Computer Software and Applications Conference, 2005. COMPSAC 2005. 29th Annual International 2005, pp. 115-120 vol. 2. *
Montry G., OpenFabrics Alliance presentation slides, 14th Symposium on High Performance Interconnects, Aug. 23, 2006, 8pp.
Murali Rangarajan, et al.; Technical Report DCR-TR-481, Computer Science Department, Rutgers University, Mar. 2002.
Nanette J. Boden, et al.; Draft of paper published in IEEE Micro, vol. 15, No. 1, pp. 29-36, 1995, Nov. 16, 1994.
NR Adiga, et al.; Proceedings of the 2002 ACM/IEEE conference on Supercomputing, pp. 1-22, Baltimore, Nov. 16, 2002.
O. Angin, et al.; ACM Computer Communication Review, vol. 27, No. 3, pp. 100-117, Jul. 1997.
P. Balaji, et al.; Proceedings of the IEEE International Conference on Cluster Computing, Sep. 2005.
P. Druschel, et al.; ACM Computer Communication Review, vol. 24, No. 4, Oct. 1994.
P. Kermani and L. Kleinrock; Computer Networks, vol. 3, No. 4, pp. 267-286, Sep. 1979.
Parry Husbands and James C. Hoe; Proceedings of the 1998 ACM/IEEE conference on Supercomputing, p. 1-15, Orlando, Florida, Nov. 7, 1998.
Pasi Sarolahti, et al.; ACM Computer Communication Review, vol. 33, No. 2, Apr. 2003.
Patrick Crowley, et al.; Proceedings of the 14th international conference on Supercomputing, pp. 54-65, Santa Fe, New Mexico, May 8, 2000.
Patrick Geoffray; HPCWire article: http://www.hpcwire.com/features/17886984.html, Aug. 18, 2006.
Paul E. McKenney and Ken F. Dove; ACM Computer Communication Review, vol. 22, No. 4, Oct. 1992.
Paul Ronald Barham; PhD Thesis, University of Cambridge, Jul. 1996.
Paul V. Mockapetris, Kevin J. Dunlap; ACM Computer Communication Review, vol. 18, No. 4, pp. 123-133, Aug. 1988.
Peter Druschel and Larry L. Peterson; ACM Operating Systems Review, vol. 27, Issue 5, p. 189-202, Dec. 1993.
Peter Steenkiste; ACM Computer Communication Review, vol. 22, No. 4, Oct. 1992.
Petrini F., "Protocol Off-loading vs On-loading in High-Performance Networks," 14th Symposium on High Performance Interconnects, Aug. 23, 2006, 4pp.
Philip Buonadonna, et al.; Proceedings of the 1998 ACM/IEEE conference on Supercomputing, p. 1-15, Orlando, Florida, Nov. 7, 1998.
Piyush Shivam, et al.; Proceedings of the 2001 ACM/IEEE conference on Supercomputing, pp. 57, Denver, Nov. 10, 2001.
R. Braden, et al.; ACM Computer Communication Review, vol. 19, No. 2, p. 86-94, Apr. 1989.
R. Bush, D. Meyer; IETF Network Working Group, Request for Comments: 3439, Dec. 2002.
R. J. Black, I. Leslie, and D. McAuley; ACM Computer Communication Review, vol. 24, No. 4, p. 158-167, Oct. 1994.
Raj K. Singh, et al.; ACM Computer Communication Review, vol. 24, No. 3, p. 8-17, Jul. 1994.
Raj K. Singh, et al.; Proceedings of the 1993 ACM/IEEE conference on Supercomputing, p. 452-461, Portland, Oregon, Nov. 15, 1993.
Regnier G., "Protocol Onload vs. Offload," 14th Symposium on High Performance Interconnects, Aug. 23, 2006, 1pp.
Robert M. Brandriff, et al.; ACM Computer Communication Review, vol. 15, No. 4, Sep. 1985.
Robert M. Metcalfe and David R. Boggs; Communications of the ACM, vol. 19, Issue 7, pp. 395-404, Jul. 1976.
Robert Ross, et al.; Proceedings of the 2001 ACM/IEEE conference on Supercomputing, pp. 11, Denver, Nov. 10, 2001.
S. L. Pope, et al.; Parallel and Distributed Computing and Networks, Brisbane, Australia, Dec. 1998.
Sally Floyd; ACM Computer Communication Review, vol. 24, No. 5, p. 8-23, Oct. 1994.
Sayantan Sur, et al.; Proceedings of the 2006 ACM/IEEE conference on Supercomputing, Tampa, Florida, Nov. 11, 2006.
Srihari Makineni and Ravi Iyer; Proceedings of the 10th International Symposium on High Performance Computer Architecture, pp. 152, Feb. 14, 2004.
Steve Muir and Jonathan Smith; Technical Report MS-CIS-00-04, University of Pennsylvania, Jan. 2000.
Steven J. Sistare, Christopher J. Jackson; Proceedings of the 2002 ACM/IEEE conference on Supercomputing, p. 1-15, Baltimore, Nov. 16, 2002.
Steven Pope, David Riddoch; ACM Computer Communication Review, vol. 37, No. 2, pp. 89-92, Mar. 19, 2007.
Stuart Wray, et al.; Proceedings of the International Conference on Multimedia Computing and Systems, p. 265-273, Boston, May 94.
Sumitha Bhandarkar, et al.; ACM Computer Communication Review, vol. 36, No. 1, pp. 41-50, Jan. 2006.
Thomas Sterling, et al.; Proceedings of the 24th International Conference on Parallel Processing, pp. 11-14, Aug. 1995.
Thorsten von Eicken, et al.; ACM Operating Systems Review, vol. 29, Issue 5, p. 109-126, Dec. 1995.
Tom Kelly; ACM Computer Communication Review, vol. 33, No. 2, pp. 83-91, Apr. 2003.
V. Cerf, et al.; ACM Computer Communication Review, vol. 6 No. 1, p. 1-18, Jan. 1976.
V. Jacobson; ACM Computer Communication Review, vol. 18, No. 4, p. 314-329, Aug. 1988.
Various forum members; Message-Passing Interface Forum, University of Tennessee, Knoxville, 1994, May 5, 1994.
Vinay Aggarwal, et al.; ACM Computer Communication Review, vol. 33, No. 5, Oct. 2003.
Vinton Cerf, Robert Kahn; IEEE Transactions on Communications, vol. COM-22, No. 5, pp. 637-648, May 1974.
W. E. Leland, et al.; ACM Computer Communication Review, vol. 23, No. 4, p. 85-95, Oct. 1993.
W. Feng and P. Tinnakornsrisuphap; Proceedings of the 2000 ACM/IEEE conference on Supercomputing, Dallas, Texas, Nov. 4, 2000.
W. Feng, et al.; Proceedings of the 13th Symposium on High Performance Interconnects, Aug. 17, 2005.
Wu-chun Feng, et al.; Proceedings of the 2003 ACM/IEEE conference on Supercomputing, Phoenix, Arizona, Nov. 15, 2003.

Cited By (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20160044046A1 (en) * 2012-10-16 2016-02-11 Pieter-Jan Boone Secure, non-disruptive firmware updating
US9749335B2 (en) * 2012-10-16 2017-08-29 Imprivata, Inc. Secure, non-disruptive firmware updating
US10187396B2 (en) 2012-10-16 2019-01-22 Imprivata, Inc. Secure, non-disruptive firmware updating
US10924493B2 (en) 2012-10-16 2021-02-16 Imprivata, Inc. Secure, non-disruptive firmware updating
US11637837B2 (en) 2012-10-16 2023-04-25 Imprivata, Inc. Secure, non-disruptive firmware updating
US10581861B2 (en) * 2017-09-12 2020-03-03 International Business Machines Corporation Endpoint access manager
US20220167162A1 (en) * 2019-04-12 2022-05-26 Kabushiki Kaisha Tokai Rika Denki Seisakusho Communication system and communication device
US12003962B2 (en) * 2019-04-12 2024-06-04 Kabushiki Kaisha Tokai Rika Denki Seisakusho Communication system and communication device
US11113046B1 (en) * 2019-09-24 2021-09-07 Amazon Technologies, Inc. Integration and remote control of a pre-assembled computer system into a server for a virtualization service
US11853771B1 (en) 2019-09-24 2023-12-26 Amazon Technologies, Inc. Offload card based virtualization of a pre-assembled computer system integrated into a server for a virtualization service
US20240143773A1 (en) * 2022-10-31 2024-05-02 Cisco Technology, Inc. Fabric-based root-of-trust

Also Published As

Publication number Publication date
EP2288077A1 (fr) 2011-02-23
US20110202983A1 (en) 2011-08-18
EP2288077B1 (fr) 2016-11-02

Similar Documents

Publication Publication Date Title
US9210140B2 (en) Remote functionality selection
US10691839B2 (en) Method, apparatus, and system for manageability and secure routing and endpoint access
EP2845346B1 (fr) Système et procédé de provisionnement sécurisé d'images virtualisées dans un environnement de réseau
US8966657B2 (en) Provisioning, upgrading, and/or changing of hardware
EP1728376B1 (fr) Procede, dispositifs et produit de programme informatique permettant de partager une cle cryptographique avec un agent integre sur un point limite de reseau dans un domaine de reseau
US20210073160A1 (en) Secure, remote support platform with an edge device
US11237986B1 (en) Method and apparatus for side-band management of security for a server computer
CN110073355A (zh) 服务器上的安全执行环境
EP3646176B1 (fr) Chiffrement/déchiffrement de communications réseau entre des machines virtuelles au niveau de la couche de virtualisation sur la base de clés après vérification de données de santé pour un ordinateur
US11693969B2 (en) System and method for providing security protection for FPGA based solid state drives
US11902271B2 (en) Two-way secure channels between multiple services across service groups
EP3361696A1 (fr) Procédé d'échange sécurisé d'informations de découverte de liaison
US20240303339A1 (en) System level root of trust (rot) binding and trust establishment
CA3204118A1 (fr) Plateforme de support a distance securisee dotee d'un dispositif peripherique

Legal Events

Date Code Title Description
AS Assignment

Owner name: SOLARFLARE COMMUNICATIONS, INC., CALIFORNIA

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:POPE, STEVEN L.;RIDDOCH, DAVID;SIGNING DATES FROM 20100831 TO 20100901;REEL/FRAME:024986/0810

AS Assignment

Owner name: SOLARFLARE COMMUNICATIONS, INC., CALIFORNIA

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:POPE, STEVEN L.;RIDDOCH, DAVID;SIGNING DATES FROM 20100831 TO 20100901;REEL/FRAME:024997/0030

AS Assignment

Owner name: COMERICA BANK, AS AGENT, A TEXAS BANKING ASSOCIATI

Free format text: SECURITY AGREEMENT;ASSIGNOR:SOLARFLARE COMMUNICATIONS, INC., A DELAWARE CORPORATION;REEL/FRAME:027487/0097

Effective date: 20111229

AS Assignment

Owner name: SOLARFLARE COMMUNICATIONS INC., CALIFORNIA

Free format text: CHANGE OF ADDRESS OF THE ASSIGNEE;ASSIGNOR:SOLARFLARE COMMUNICATIONS INC.;REEL/FRAME:029636/0295

Effective date: 20130104

AS Assignment

Owner name: SOLARFLARE COMMUNICATIONS, INC., CALIFORNIA

Free format text: RELEASE OF SECURITY INTEREST;ASSIGNOR:COMERICA BANK;REEL/FRAME:033716/0073

Effective date: 20140910

AS Assignment

Owner name: SOLARFLARE COMMUNICATIONS, INC., CALIFORNIA

Free format text: RELEASE BY SECURED PARTY;ASSIGNOR:COMERICA BANK;REEL/FRAME:034255/0140

Effective date: 20141105

STCF Information on status: patent grant

Free format text: PATENTED CASE

AS Assignment

Owner name: PACIFIC WESTERN BANK, NORTH CAROLINA

Free format text: SECURITY INTEREST;ASSIGNOR:SOLARFLARE COMMUNICATIONS, INC.;REEL/FRAME:038363/0589

Effective date: 20160331

AS Assignment

Owner name: ALLY BANK, NEW YORK

Free format text: SECURITY INTEREST;ASSIGNOR:SOLARFLARE COMMUNICATIONS, INC.;REEL/FRAME:041902/0527

Effective date: 20170223

AS Assignment

Owner name: SOLARFLARE COMMUNICATIONS, INC., CALIFORNIA

Free format text: RELEASE BY SECURED PARTY;ASSIGNOR:PACIFIC WESTERN BANK;REEL/FRAME:042820/0890

Effective date: 20170615

FEPP Fee payment procedure

Free format text: ENTITY STATUS SET TO UNDISCOUNTED (ORIGINAL EVENT CODE: BIG.); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY

MAFP Maintenance fee payment

Free format text: PAYMENT OF MAINTENANCE FEE, 4TH YEAR, LARGE ENTITY (ORIGINAL EVENT CODE: M1551); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY

Year of fee payment: 4

AS Assignment

Owner name: SOLARFLARE COMMUNICATIONS, INC., CALIFORNIA

Free format text: RELEASE OF INTELLECTUAL PROPERTY SECURITY AGREEMENT;ASSIGNOR:ALLY BANK;REEL/FRAME:049918/0440

Effective date: 20190730

AS Assignment

Owner name: XILINX, INC., CALIFORNIA

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:SOLARFLARE COMMUNICATIONS, INC.;REEL/FRAME:051108/0209

Effective date: 20191113

MAFP Maintenance fee payment

Free format text: PAYMENT OF MAINTENANCE FEE, 8TH YEAR, LARGE ENTITY (ORIGINAL EVENT CODE: M1552); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY

Year of fee payment: 8